4 - Social Engineering, Physical, and Password Attacks

Question 1

What is the best description of tailgating?

Answer 1

Following someone through a door they just unlocked

Question 2

When you combine phishing with Voice over IP, it is known as:

Answer 2

Vishing

Question 3

Alan reads Susan’s password from across the room as she logs in. What type of technique has he used?

Answer 3

Shoulder Surfing

Question 4

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?

Answer 4

John the Ripper

Question 5

What technique is most commonly associated with the use of malicious flash drives by penetration testers?

Answer 5

Distributing them in parking lots as though they were dropped

Question 6

Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used?

Answer 6

Watering Hole Attack

Question 7

Ben searches through an org’s trash looking for sensitive documents, internal notes, and other useful info. What term describes this type of activity?

Answer 7

Dumpster Diving

Question 8

Skimming attacks are often associated with what next step by attackers?

Answer 8

Cloning

Question 9

Alaina suspects that her org may be targeted by a SPIM attack. What tech is she concerned about?

Answer 9

Spam over Instant Messaging

Question 10

Alex discovers that the network routers his org recently bought are running a modified firmware version that doesn’t match the hash provided by the manufacturer when he compares them. What type of attack should he categorize this as?

Answer 10

Supply Chain Attack

Question 11

Nicole accidentally types [www.smazon.com] into her browser and is immediately overwhelmed with ads and pop-ups. What type of attack has she just experienced?

Answer 11

Typosquatting

Question 12

Lucca’s org runs a hybrid datacenter with systems in Microsoft’s Azure cloud and in a local facility. What type of attack can he establish prevention/controls for in BOTH locations (physical and virtual)?

Answer 12

Phishing

Question 13

Alaina discovers someone has set up a website that looks exactly like her org’s banking website! What term describes this sort of cyber attack?

Answer 13

Pharming

Question 14

Amanda receives a call from someone claiming to be a senior IT employee. They tell her to disable her company’s firewall due to an ongoing issue with their eCommerce website. Of course, after she does so, it turns out that the IT employee… was a penetrator hired by her company to test their security. What Social Engineering Principle is at work?

Answer 14

Authority

Question 15

What type of malicious actor is most likely to use hybrid warfare?

Answer 15

Nation-State Actor

Question 16

Sharif receives a bill for services that he does not believe his company requested or had performed. What type of Social Engineering technique is this?

Answer 16

Invoice Scam

Question 17

Naomi receives a report of smishing. What type of attack should she look for?

Answer 17

Text-message-based Phishing

Question 18

Charles wants to find out about security procedures in his company… secretly. He engages staff members in casual conversation, and because he’s so personable, he gets the info. What Social Engineering effort is at work?

Answer 18

Elicitation

Question 19

A caller claiming to be the president of the company demands access to his accounts, else a big deal will fall through SOON. Carlos, the cybersecurity officer, classifies this very important call as an attack. What Social Engineering Principle would his situation fall under?

Answer 19

Urgency

Question 20

What type of phishing targets specific groups of employees, such as all managers in the financial department of a company?

Answer 20

Spear Phishing