Chapter 1

Question 1

Social Engineering

Answer 1

attack against a user

Question 2

Best defense against Social Engineering?

Answer 2

user awareness & education

Question 3

Phishing

Answer 3

most common by pretending to be a trusted entity like email or instant message to gain sensitive information from user.

Question 4

Tailgating

Answer 4

piggybacking

Question 4

Dumpster Diving

Answer 4

looking for discarded information and equipment to gain information.

Question 5

Shoulder Surfing

Answer 5

looking over someone’s shoulder to gain info. Ex. In a crowded area peering over shoulder

Question 6

Smishing

Answer 6

SMS message designed to trick victim to a link.

Question 7

Vishing

Answer 7

fake caller ID to get account details over phone.

Question 8

SPIM

Answer 8

Spam sent over Instant messaging.

Question 9

Whaling

Answer 9

phishing attempts on high level targets like CEO.

Question 10

Spear phishing

Answer 10

targeting a specific person.

Question 11

Watering Hole Attacks

Answer 11

attacking a site target frequently visits.

Question 12

Typo Squatting

Answer 12

URL Hijacking. using typo errors to direct to malicious site.

Question 13

Prepending

Answer 13

supplying info that one will act on in attempt to legitimize request.

Question 14

Hoax

Answer 14

presenting a threat that doesn’t exist causing an action that weakens security.

Question 15

Credential Harvesting

Answer 15

phishing attempt causing one to click a link presenting a look-a-like page where the victim enters sensitive information.

Question 16

Principles of Influence

Answer 16

> Authority-using symbols of authority makes one feel obligated to comply.
Intimidation- using this to make target fear getting into trouble or fired.
Consensus-use of trusted peers to elicit response “safety in numbers”.
Scarcity/Urgency- “FIrst 50 callers…” or taking immediate action will prevent severe consequences/.
Familiarity-getting victim to like them
Trust- gaining victims trust.