Chapter 4 review Questions Social Engineering,Physical And Password Attacks

Question 1

Which of the following is the best description of tailgating?

A. Following someone through a door they just unlocked
B. Figuring how to unlock a secured area
C. Sitting close to someone in a meeting
D. Stealing information from someone’s desk

Answer 1

A. Following some through a door they just unlocked

Question 2

When you combine phishing with Voice over IP, it is known as:

A. Spoofing
B. Spooning
C. Whaling
D. Vishing

Answer 2

D. Vishing

Question 3

Alan reads Susan’s password from across the room as she logs in. What type of technique has he used?

A. A man-in-the room attack
B. Shoulder surfing
C. A man in the middle attack
D. Pretexting

Answer 3

B. Shoulder surfing

Question 4

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?

A. MD5sum
B. John the Ripper
C. GPG
D. Netcat

Answer 4

B. John the Ripper

Question 5

What technique is most commonly associated with the use of malicious flash drives by penetration testers?

A. Mailing them to targets
B. Sneaking them into offices and leaving in desk drawers
C. Distributing them in parking lots as though they were dropped
D. Packing them to look like delivery and dropping them off with a target’s name on the package

Answer 5

C. Distributing them in parking lots as though they were dropped.

Question 6

Selah infects the ads on a website that users from her target company frequently visit with malware as apart of her penetration test. What technique has she used?

A. water hole attack
B. Vishing
C. Whaling
D. Typosquatting

Answer 6

A. Water hole attack

Question 7

Ben searches through an organizations’s trash looking for sensitive documents, internal notes, and other useful Information. What term describes this type of activity?

A. Waste engineering
B. Dumpster Diving
C. Trash pharming
D. Dumpster harvesting

Answer 7

B. Dumpster Diving

Question 8

Skimming attacks are often associated with what next step by attackers?

A. Phishing
B. Dumpster diving
C. Vishing
D. Cloning

Answer 8

D. Cloning

Question 9

Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?

A. Spam over instant Messaging
B. Social Persuasion and Intimidation by Managers.
C. Social Persuasion by Internet Media
D. Spam over Internal Media

Answer 9

A. Spam over instant Messaging

Question 9

Alex discovers that the network routers that his organization has recently ordered are running a modified firmware version that does not match the harsh provided by the manufacture when he compares them. What type of attack should Alex categorized this attack as?

A. An influence campaign
B. A hoax
C. A supply chain attack
D. A pharming attack

Answer 9

C. A supply chain attack

Question 10

Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?

A. DNS hijacking
B. Pharming
C. Typosquatting
D. Hosts file compromise

Answer 10

C. Typosquatting

Question 11

Lucca’s organization runs a hybrid datacenter with systems in Microsoft’s Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations.

A. Shoulder surfing
B. Pharming
C. Typosquatting
D. Phishing

Answer 11

D. Phishing

Question 12

Alaina discovers that someone has set up a website that looks exactly like her organization’s banking website. Which of the following terms best describes this sort of attack?

A. Phishing
B. Pharming
C. Typosquatting
D. Tailgating

Answer 12

B. Pharming

Question 13

When a caller was recently directed to Amanda, who is a junior IT employee. at her company, the caller informed her that they were the head of IT for her organization and that she needed to immediately disable the organizations firewall due to an ongoing issue with their e-commerce website. After Amanda made the change, she discovered that the caller was not the head of IT, and that it was actually a penetration tester hired by her company. Which social engineering principle best matches this type of attack?

A. Authority
B. Consensus
C. Scarcity
D. Trust

Answer 13

A. Authority

Question 14

What type of malicious actor is most likely to use hybrid warfare?

A. A script Kiddie
B. A hacktivist
C. An internal threat
D. A nation state

Answer 14

D. A nation state

Question 15

Sharif receives a bill for services that he dose not believe his company requested or had performed. What type of social engineering technique is this?

A. Credential harvesting
B. A hoax
C. Reconnaissance
D. An invoice scam

Answer 15

D. An invoice scam

Question 16

Naomi receives a report of smishing. What type of attack should she be looking for?

A. Compressed files in phishing
B. Text message-based phishing
C. Voicemail-based phishing
D. Server based phishing

Answer 16

B. Text message based phishing.

Question 17

Charles wants to find out about security procedures inside his target company, but he doesn’t want the people he is talking to realize that he is gathering Information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts?

A. Elicitation
B. Suggestion
C. Pharming
D. Prepending

Answer 17

A. Elicitation

Question 18

A caller reached a member of the IT support person at Carol’s company and told them that the chairman of the company’s board was traveling and needed immediate access to his account but had been somehow locked out. They told IT support person that if the board member did not have their password reset, the company could lose a major deal. If Carols receives a report about this, which of the principles of social engineering should he categorize the attackers efforts under?

A. Scarcity
B. Familiarity
C. Consensus
D. Urgency

Answer 18

D. Urgency

Question 19

What type of phishing targets specific groups of employees, such as all managers in the financial department of a company?

A. Smishing
B. Spear Phishing
C. Whaling
D. Vishing

Answer 19

B. Spear Phishing