Chapter 4

Question 1

Social Engineering

Answer 1

The practice of manipulating people through a variety of strategies to accomplish desired actions.

Question 2

Authority

Answer 2

Relies on the fact that most people will obey someone who appears to be in charge or knowledgeable, regardless of whether or not they actually are.

Question 3

Intimidation

Answer 3

Relies on scaring or bullying an individual into taking a desired action.

Question 4

Consensus

Answer 4

Uses the fact that people tend to want to do what others are doing to persuade them to take an action.

Question 5

Scarcity

Answer 5

Make something look more desirable because it may the be the last one available.

Question 6

Familiarity

Answer 6

Based on you liking the individual or even the organization the individual is claiming to represent.

Question 7

Trust

Answer 7

Relies on a connection with the individual they are targeting.

Question 8

Urgency

Answer 8

Relies on creating a feeling that the action must be taken quickly due to some reason or reasons.

Question 9

Phishing

Answer 9

A broad term used to describe the fraudulent acquisition of information.

Question 10

Spear Phishing

Answer 10

Phishing that targets specific individuals or groups in an organization.

Question 11

Whaling

Answer 11

Phishing that targets senior employees.

Question 12

Credential Harvesting

Answer 12

The process of gathering credentials like usernames and passwords.

Question 13

Spam

Answer 13

Unsolicited or junk email that is used to employ various social engineering attacks.

Question 14

Shoulder Surfing

Answer 14

Looking over a person’s shoulder to capture information.

Question 15

Tailgating

Answer 15

A physical entry attack that requires simply following someone who has authorized access to an area so that they open secured doors you can pass through as well.

Question 16

Eliciting Information

Answer 16

A technique used to gather information from targets without them realizing they are providing it.

Question 17

Pretexting

Answer 17

The process of using a made-up scenario to justify why you are approaching an individual.

Question 18

Identity Fraud

Answer 18

Using someone else’s identity.

Question 19

Brute-force Attack

Answer 19

Iterating through a list of characters or words to find a combination that works.

Question 20

Password Spraying

Answer 20

A form of brute-force attack that attempts to use a single password or small set of passwords against many accounts.

Question 21

Dictionary Attacks

Answer 21

A form of brute-force attack that uses list of words for their attempts.