Chapter 4 Review Questions: Social Engineering, Physical, and Password Attacks Flashcards
Which of the following is the best description of tailgating?
A. Following someone through a door they just unlocked
B. Figuring out how to unlock a secured area
C. Sitting close to someone in a meeting
D. Stealing information from someone’s desk
A. Following someone through a door they just unlocked
When you combine phishing with Voice over IP, it is known as:
A. Spoofing
B. Spooning
C. Whaling
D. Vishing
D. Vishing
Alan reads Susan’s password from across the room as she logs in. What type of technique has he used?
A. A man-in-the-room attack
B. Shoulder surfing
C. A man-in-the-middle attack
D. Pretexting
B. Shoulder surfing
Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?
A. MD5sum
B. John the Ripper
C. GPG
D. Netcat
B. John the Ripper
What technique is most commonly associated with the use of malicious flash drives by penetration testers?
A. Mailing them to targets
B. Sneaking them into offices and leaving them in desk drawers
C. Distributing them in parking lots as though they were dropped
D. Packing them to look like a delivery and dropping them off with a target’s name on the package
C. Distributing them in parking lots as though they were dropped
Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used?
A. Water hole attack
B. Vishing
C. Whaling
D. Typosquatting
A. Water hole attack
Ben searches through an organization’s trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity?
A. Waste engineering
B. Dumpster Diving
C. Trash pharming
D. Dumpster harvesting
B. Dumpster Diving
Skimming attacks are often associated with what next step by attackers?
A. Phishing
B. Dumpster diving
C. Vishing
D. Cloning
D. Cloning
Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?
A. Spam over Instant Messaging
B. Social Persuasion and Intimidation by Managers
C. Social Persuasion by Internet Media
D. Spam over Internal Media
A. Spam over Instant Messaging
Alex discovers that the network routers that his organization has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. What type of attack should Alex categorize this as?
A. An influence campaign
B. A hoax
C. A supply chain attack
D. A pharming attack
C. A supply chain attack
Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?
A. DNS hijacking
B. Pharming
C. Typosquatting
D. Hosts file compromise
C. Typosquatting
Lucca’s organization runs a hybrid datacenter with systems in Microsoft’s Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations?
A. Shoulder surfing
B. Pharming
C. Typosquatting
D. Phishing
D. Phishing
Alaina discovers that someone has set up a website that looks exactly like her organization’s banking website. Which of the following terms best describes this sort of attack?
A. Phishing
B. Pharming
C. Typosquatting
D. Tailgating
B. Pharming
When a caller was recently directed to Amanda, who is a junior IT employee at her company, the caller informed her that they were the head of IT for her organization and that she needed to immediately disable the organization’s firewall due to an ongoing issue with their e-commerce website. After Amanda made the change, she discovered that the caller was not the head of IT, and that it was actually a penetration tester hired by her company. Which social engineering principle best matches this type of attack?
A. Authority
B. Consensus
C. Scarcity
D. Trust
A. Authority
What type of malicious actor is most likely to use hybrid warfare?
A. A script kiddie
B. A hacktivist
C. An internal threat
D. A nation state
D. A nation state