Chapter 4: Social Engineering, Physical, and Password Attacks Review Questions Flashcards
1- Which of the following is the best description of tailgating?
A. Following someone through a door they just unlocked
B. Figuring out how to unlock a secured area
C. Sitting close to someone in a meeting
D. Stealing information from someone’s desk
- A. Tailgating is best defined as following someone through a door they just unlocked, thus gaining access to a secured area without presenting credentials or having the key or other access required to open the door.
2- When you combine phishing with Voice over IP, it is known as:
A. Spoofing
B. Spooning
C. Whaling
D. Vishing
- D. Vishing involves combining phishing with Voice over IP. Whaling focuses on targeting important targets for phishing attacks, spoofing is a general term that means faking things, and spooning is not a technical term used for security practices.
3- Alan reads Susan’s password from across the room as she logs in. What type of technique has he used?
A. A man-in-the-room attack
B. Shoulder surfing
C. A man-in-the-middle attack
D. Pretexting
- B. Shoulder surfing is the process of watching what someone is doing to acquire passwords or other information. A man-in-the-middle attack is a technical attack that inserts an attacker between a victim and a legitimate server or other destination to capture traffic. Pretexting is a social engineering technique that presents a reason or excuse why something is needed or done. A man-in-the-room attack was made up for this question.
4- Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?
A. MD5sum
B. John the Ripper
C. GPG
D. Netcat
- B. Joanna needs to use a password cracking tool. Although John the Ripper is a useful password cracking tool, an even faster technique for most passwords with a known hashing scheme would be to use a rainbow table–based password cracker like OphCrack to look up the hashes using a precomputed database of likely passwords. MD5sum is a tool for creating MD5 hashes, not for cracking passwords, GPG is an encryption tool, and netcat is a great network tool with many uses, but password cracking is not one of them!
5- What technique is most commonly associated with the use of malicious flash drives by penetration testers?
A. Mailing them to targets
B. Sneaking them into offices and leaving them in desk drawers
C. Distributing them in parking lots as though they were dropped
D. Packing them to look like a delivery and dropping them off with a target’s name on the package
- C. Distributing malicious flash drives in a parking lot or other high-traffic area, often with a label that will tempt the person who finds it into plugging it in, is a technique used by penetration testers.
6- Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used?
A. A watering hole attack
B. Vishing
C. Whaling
D. Typosquatting
- A. Watering hole attacks rely on compromising or infecting a website that targeted users frequently visit, much like animals will visit a common watering hole. Vishing is phishing via voice, whaling is a targeted phishing attack against senior or important staff, and typosquatting registers similar URLs that are likely to be inadvertently entered in order to harvest clicks or conduct malicious activity.
7- Ben searches through an organization’s trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity?
A. Waste engineering
B. Dumpster diving
C. Trash pharming
D. Dumpster harvesting
- B. Dumpster diving is a broad term used to describe going through trash to find useful information, often as part of a penetration test or by attackers looking for information about an organization. As you may have guessed, the other answers were made up.
8- Skimming attacks are often associated with what next step by attackers?
A. Phishing
B. Dumpster diving
C. Vishing
D. Cloning
- D. Cloning attacks often occur after a skimmer is used to capture card information. Skimming devices may include magnetic stripe readers, cameras, and other technology to allow attackers to make a complete copy of a captured card. Phishing focuses on acquiring credentials or other information but isn’t a typical follow-up to a skimming attack. Dumpster diving and vishing are both unrelated techniques as well.
9- Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?
A. Spam over Instant Messaging
B. Social Persuasion and Intimidation by Managers
C. Social Persuasion by Internet Media
D. Spam over Internal Media
- A. SPIM is Spam over Internet Messaging (originally “Instant Messenger,” but this acronym was updated after IM tools became less common). Alaina will need to consider a variety of messaging tools where external and internal communications could also include spam. The other answers were made up.
10- Alex discovers that the network routers his organization recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. How should Alex categorize this attack?
A. An influence campaign
B. A hoax
C. A supply chain attack
D. A pharming attack
- C. Supply chain attacks occur before software or hardware is delivered to an organization. Influence campaigns seek to change or establish opinions and attitudes. Pharming attacks redirect legitimate traffic to fake sites, and hoaxes are intentional deceptions.
11- Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?
A. DNS hijacking
B. Pharming
C. Typosquatting
D. Hosts file compromise
- C. Typosquatting uses misspellings and common typos of websites to redirect traffic for profit or malicious reasons. Fortunately, if you visit smazon.com, you’ll be redirected to the actual amazon.com website, because Amazon knows about and works to prevent this type of issue. DNS hijacking and hosts file modifications both attempt to redirect traffic for actual URLs or hostnames to different destinations, and pharming does redirect legitimate traffic to fake sites, but typosquatting is the more specific answer.
12- Lucca’s organization runs a hybrid datacenter with systems in Microsoft’s Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations?
A. Shoulder surfing
B. Tailgating
C. Dumpster diving
D. Phishing
- D. Shoulder surfing, tailgating, and dumpster diving are all in-person physical attacks and are not something that will be in Lucca’s control with a major cloud vendor. Antiphishing techniques can be used regardless of where servers and services are located.
13- Alaina discovers that someone has set up a website that looks exactly like her organization’s banking website. Which of the following terms best describes this sort of attack?
A. Phishing
B. Pharming
C. Typosquatting
D. Tailgating
- B. Pharming best fits this description. Pharming attacks use web pages that are designed to look like a legitimate site but that attempt to capture information like credentials. Typosquatting relies on slightly incorrect hostnames or URLs, and nothing like that is mentioned in the question. Tailgating is an in-person attack, and phishing is typically done via email or other means to request information, not by setting up a site like this, although some phishing attacks may direct to a pharming website!
14- When a caller was recently directed to Amanda, who is a junior IT employee at her company, the caller informed her that they were the head of IT for her organization and that she needed to immediately disable the organization’s firewall due to an ongoing issue with their e-commerce website. After Amanda made the change, she discovered that the caller was not the head of IT, and that it was actually a penetration tester hired by her company. Which social engineering principle best matches this type of attack?
A. Authority
B. Consensus
C. Scarcity
D. Trust
- A. The caller relied on their perceived authority to require Amanda to make the change. They likely also used urgency, which isn’t mentioned here, but that would cause Amanda to potentially skip the validation or verification processes she would have normally used in a scenario like this. There is no effort to build consensus or establish trust, nor is there a sense of scarcity as described in the scenario.
15- What type of malicious actor is most likely to use hybrid warfare?
A. A script kiddie
B. A hacktivist
C. An internal threat
D. A nation-state
- D. Hybrid warfare combines active cyberwarfare, influence campaigns, and real-world direct action. This makes hybrid warfare almost exclusively the domain of nation-state actors.