CH 10 - Social Engineering Flashcards

1
Q

You get a phone call from someone telling you they are from the IRS and they are sending the police to your house now to arrest you unless you provide a method of payment immediately.

What tactic is the caller using?

A. Pretexting
B. Biometrics
C. Smishing
D. Rogue access

A

A.
Pretexting

2
Q

You are working on a red team engagement. Your team leader has asked you to use baiting as a way to get in.

What are you being asked to do?

A. Make phone calls
B. Clone a website
C. Leave USB sticks around
D. Spoof an RFID ID

A

C.
Leave USB sticks around

3
Q

Which of the social engineering principles is in use when you see a line of people at a vendor booth at a security conference waiting to grab free USB sticks and CDs?

A. Reciprocity
B. Social proof
C. Authority
D. Scarcity

A

B.
Social proof

4
Q

What is a viable approach to protecting against tailgating?

A. Biometrics
B. Badge access
C. Phone verification
D. Man traps

A

D.
Man traps

5
Q

Why would you use wireless social engineering?

A. To send phishing messages
B. To gather credentials
C. To get email addresses
D. To make phone calls

A

B.
To gather credentials

6
Q

Which social engineering principle may allow a phony call from the help desk to be effective?

A. Social proof
B. Imitation
C. Scarcity
D. Authority

A

D.
Authority

7
Q

Why would you use automated tools for social engineering attacks?

A. Better control over outcomes
B. Reduce complexity
C. Implement social proof
D. Demonstrate authority

A

B.
Reduce complexity

8
Q

What social engineering vector would you use if you wanted to gain access to a building?

A. Impersonation
B. Scarcity
C. Vishing
D. Smishing

A

A.
Impersonation

9
Q

Which of these would be an example of pretexting?

A. Web page asking for credentials
B. A cloned badge
C. An email from a former coworker
D. Rogue wireless access point

A

C.
An email from a former coworker

10
Q

What tool could you use to clone a website?

A. httclone
B. curl‐get
C. wget
D. wclone

A

C.
wget

11
Q

How would someone keep a baiting attack from being successful?

A. Disable Registry cloning.
B. Disable autorun.
C. Epoxy external ports.
D. Don’t browse the Internet.

A

B.
Disable autorun.

12
Q

What statistic are you more likely to be concerned about when thinking about implementing biometrics?

A. False positive rate
B. False negative rate
C. False failure rate
D. False acceptance rate

A

D.
False acceptance rate

13
Q

Which of these forms of biometrics is least likely to give a high true accept rate while minimizing false reject rates?

A. Voiceprint
B. Iris scanning
C. Retinal scanning
D. Fingerprint scanning

A

A.
Voiceprint

14
Q

What attack can a proximity card be susceptible to?

A. Tailgating
B. Phishing
C. Credential theft
D. Cloning

A

D.
Cloning

15
Q

Which form of biometrics scans a pattern in the area of the eye around the pupil?

A. Retinal scanning
B. Fingerprint scanning
C. Iris scanning
D. Uvea scanning

A

C.
Iris scanning

16
Q

What would the result of a high false failure rate be?

A. People having to call security
B. Unauthorized people being allowed in
C. Forcing the use of a man trap
D. Reduction in the use of biometrics

A

A.
People having to call security

17
Q

You’ve received a text message from an unknown number that is only five digits long. It doesn’t have any text, just a URL. What might this be an example of?

A. Vishing
B. Smishing
C. Phishing
D. Impersonation

A

B.
Smishing

18
Q

What is an advantage of a phone call over a phishing email?

A. You are able to go into more detail with pretexting.
B. Phishing attacks are unreliable.
C. Not everyone has email, but everyone has a phone.
D. Pretexting works only over the phone.

A

A.
You are able to go into more detail with pretexting.

19
Q

What is the web page you may be presented with when connecting to a wireless access point, especially in a public place?

A. Credential harvester
B. Captive portal
C. Wi‐Fi portal
D. Authentication point

A

B.
Captive portal

20
Q

What tool could you use to generate email attacks as well as wireless attacks?

A. Meterpreter
B. wifiphisher
C. SE Toolkit
D. Social Automator

A

C.
SE Toolkit

21
Q

What type of social engineering technique are you using if you are leaving USB sticks with malware on them around an office, expecting users to plug them into their systems?

A. Pretexting
B. Identity theft
C. Contact spamming
D. Baiting

A

D.
Baiting

22
Q

Your colleagues are suddenly calling you to indicate they received a strange email from you and are wondering what you are up to. If you didn’t send the message, what should you suspect?

A. Quid pro quo
B. Cloning
C. Contact spamming
D. Man traps

A

C.
Contact spamming

23
Q

Which of these pieces of information would not be of interest to an attacker trying to steal your identity?

A. Birthplace
B. First book you ever read
C. Mother’s maiden name
D. Social Security number

A

B.
First book you ever read

24
Q

If an attacker is using quid pro quo as a tactic to get you to provide information to them, who may they be most likely to indicate they are?

A. Your car dealer
B. Help‐desk staff
C. Your mother
D. Your dog

A

B.
Help‐desk staff

25
Q

Which of these is not a good way to protect against identity theft?

A. Shredding bank records
B. Using long and strong passwords
C. Encrypting your file system
D. Using a safe to store sensitive documents

A

C.
Encrypting your file system