CH 10 - Social Engineering Flashcards
You get a phone call from someone telling you they are from the IRS and they are sending the police to your house now to arrest you unless you provide a method of payment immediately.
What tactic is the caller using?
A. Pretexting
B. Biometrics
C. Smishing
D. Rogue access
A.
Pretexting
You are working on a red team engagement. Your team leader has asked you to use baiting as a way to get in.
What are you being asked to do?
A. Make phone calls
B. Clone a website
C. Leave USB sticks around
D. Spoof an RFID ID
C.
Leave USB sticks around
Which of the social engineering principles is in use when you see a line of people at a vendor booth at a security conference waiting to grab free USB sticks and CDs?
A. Reciprocity
B. Social proof
C. Authority
D. Scarcity
B.
Social proof
What is a viable approach to protecting against tailgating?
A. Biometrics
B. Badge access
C. Phone verification
D. Man traps
D.
Man traps
Why would you use wireless social engineering?
A. To send phishing messages
B. To gather credentials
C. To get email addresses
D. To make phone calls
B.
To gather credentials
Which social engineering principle may allow a phony call from the help desk to be effective?
A. Social proof
B. Imitation
C. Scarcity
D. Authority
D.
Authority
Why would you use automated tools for social engineering attacks?
A. Better control over outcomes
B. Reduce complexity
C. Implement social proof
D. Demonstrate authority
B.
Reduce complexity
What social engineering vector would you use if you wanted to gain access to a building?
A. Impersonation
B. Scarcity
C. Vishing
D. Smishing
A.
Impersonation
Which of these would be an example of pretexting?
A. Web page asking for credentials
B. A cloned badge
C. An email from a former coworker
D. Rogue wireless access point
C.
An email from a former coworker
What tool could you use to clone a website?
A. httclone
B. curl-get
C. wget
D. wclone
C.
wget
How would someone keep a baiting attack from being successful?
A. Disable Registry cloning.
B. Disable autorun.
C. Epoxy external ports.
D. Don’t browse the Internet.
B.
Disable autorun.
What statistic are you more likely to be concerned about when thinking about implementing biometrics?
A. False positive rate
B. False negative rate
C. False failure rate
D. False acceptance rate
D.
False acceptance rate
Which of these forms of biometrics is least likely to give a high true accept rate while minimizing false reject rates?
A. Voiceprint
B. Iris scanning
C. Retinal scanning
D. Fingerprint scanning
A.
Voiceprint
What attack can a proximity card be susceptible to?
A. Tailgating
B. Phishing
C. Credential theft
D. Cloning
D.
Cloning
Which form of biometrics scans a pattern in the area of the eye around the pupil?
A. Retinal scanning
B. Fingerprint scanning
C. Iris scanning
D. Uvea scanning
C.
Iris scanning