Chapter 4 Review Questions: Social Engineering, Physical and Password Attacks Flashcards

1
Q

Which of the following is the best description of tailgating?

A. Following someone through a door they just unlocked
B. Figuring how to unlock a secured area
C. Sitting close to someone in a meeting
D. Stealing information from someone’s desk

A

A. Following someone through a door they just unlocked

2
Q

When you combine phishing with Voice over IP, it is known as:

A. Spoofing
B. Spooning
C. Whaling
D. Vishing

A

D. Vishing

3
Q

Alan reads Susan’s password from across the room as she logs in. What type of technique has he used?

A. A man-in-the-room attack
B. Shoulder surfing
C. A man in the middle attack
D. Pretexting

A

B. Shoulder surfing

4
Q

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?

A. MD5sum
B. John the Ripper
C. GPG
D. Netcat

A

B. John the Ripper

5
Q

What technique is most commonly associated with the use of malicious flash drives by penetration testers?

A. Mailing them to targets
B. Sneaking them into offices and leaving in desk drawers
C. Distributing them in parking lots as though they were dropped
D. Packing them to look like delivery and dropping them off with a target’s name on the package

A

C. Distributing them in parking lots as though they were dropped.

6
Q

Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used?

A. Water hole attack
B. Vishing
C. Whaling
D. Typosquatting

A

A. Water hole attack

7
Q

Ben searches through an organization’s trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity?

A. Waste engineering
B. Dumpster Diving
C. Trash pharming
D. Dumpster harvesting

A

B. Dumpster Diving

8
Q

Skimming attacks are often associated with what next step by attackers?

A. Phishing
B. Dumpster diving
C. Vishing
D. Cloning

A

D. Cloning

9
Q

Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?

A. Spam over Instant Messaging
B. Social Persuasion and Intimidation by Managers
C. Social Persuasion by Internet Media
D. Spam over Internal Media

A

A. Spam over Instant Messaging

9
Q

Alex discovers that the network routers his organization recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. What type of attack should Alex categorize this as?

A. An influence campaign
B. A hoax
C. A supply chain attack
D. A pharming attack

A

C. A supply chain attack

10
Q

Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?

A. DNS hijacking
B. Pharming
C. Typosquatting
D. Hosts file compromise

A

C. Typosquatting

11
Q

Lucca’s organization runs a hybrid datacenter with systems in Microsoft’s Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations?

A. Shoulder surfing
B. Pharming
C. Typosquatting
D. Phishing

A

D. Phishing

12
Q

Alaina discovers that someone has set up a website that looks exactly like her organization’s banking website. Which of the following terms best describes this sort of attack?

A. Phishing
B. Pharming
C. Typosquatting
D. Tailgating

A

B. Pharming

13
Q

When a caller was recently directed to Amanda, a junior IT employee at her company, the caller informed her that they were the head of IT for her organization and that she needed to immediately disable the organization’s firewall due to an ongoing issue with their e-commerce website. After Amanda made the change, she discovered that the caller was not the head of IT, and that it was actually a penetration tester hired by her company. Which social engineering principle best matches this type of attack?

A. Authority
B. Consensus
C. Scarcity
D. Trust

A

A. Authority

14
Q

What type of malicious actor is most likely to use hybrid warfare?

A. A script kiddie
B. A hacktivist
C. An internal threat
D. A nation state

A

D. A nation state

15
Q

Sharif receives a bill for services that he does not believe his company requested or had performed. What type of social engineering technique is this?

A. Credential harvesting
B. A hoax
C. Reconnaissance
D. An invoice scam

A

D. An invoice scam

16
Q

Naomi receives a report of smishing. What type of attack should she be looking for?

A. Compressed files in phishing
B. Text message-based phishing
C. Voicemail-based phishing
D. Server based phishing

A

B. Text message-based phishing

17
Q

Charles wants to find out about security procedures inside his target company, but he doesn’t want the people he is talking to to realize that he is gathering information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts?

A. Elicitation
B. Suggestion
C. Pharming
D. Prepending

A

A. Elicitation

18
Q

A caller reached a member of the IT support staff at Carol’s company and told them that the chairman of the company’s board was traveling and needed immediate access to his account but had somehow been locked out. They told the IT support person that if the board member did not have their password reset, the company could lose a major deal. If Carol receives a report about this, which of the principles of social engineering should he categorize the attacker’s efforts under?

A. Scarcity
B. Familiarity
C. Consensus
D. Urgency

A

D. Urgency

19
Q

What type of phishing targets specific groups of employees, such as all managers in the financial department of a company?

A. Smishing
B. Spear Phishing
C. Whaling
D. Vishing

A

B. Spear Phishing