Ethical Hacking 10 Flashcards
Which method of preventing an insider threat is the completion of tasks allotted to different employees at different times?
Rotation of duties
In which social engineering technique does an unauthorized person convince an authorized person to allow him or her into a secured area?
Piggybacking
Which of the following statements is NOT true regarding effective measures to defend against social engineering attacks?
A good security policy can prevent people from being socially engineered.
What software will provide some protection against well known phishing websites?
Netcraft toolbar
What statement represents an effective means of countering a persuasion based social engineering attack?
Employees should be trained on the basic security policies and procedures of the organization.
When an attacker sends an e-mail or provides a link falsely claiming to be from a legitimate site in an attempt to acquire a user’s personal or account information, the attacker is using which feature or technique?
Phishing
You are attempting to gather information about a client’s network, and are surveying a company site. Access is gained via secured entry using ID cards. You observe several employees on a smoke break near one of the secured entrances. Once they are finished, you casually follow them in after they’ve unlocked the entry point with an ID card. What type of social engineering attack has occurred?
tailgating
Which of the following is a technique in which an attacker sends an e-mail or provides a link falsely claiming to be from a legitimate site in an attempt to acquire a user’s personal or account information?
Phishing
What kind of social engineering attack involves an unauthorized person who convinced an authorized person to allow him or her into secured areas?
piggybacking attack
What type of social engineering involves the behavioral trait that compels someone to do what everyone else is doing?
social validation
Which type of social engineering threat is accomplished through the use of intimidation, persuasion, ingratiation, or assistance?
Personal Approaches
Which of the following is NOT one of the four phases of the social engineering lifecycle?
Social validation
What term is given to the authorization assigned to users or groups of users for their ability to read and write computer data and devices?
Access privileges
What information could be used to steal a target’s identity once identified?
a telephone bill
a water bill
Which type of attack uses the phone system?
phreaking
whiced legitimate, but in reality, was designed to appear exactly like your company’s corporate Internet login page. What type of attack is this?
phishing
What is the first phase of the social engineering cycle?
information gathering
A client is developing a security policy for their network and has asked you how they should defend against intimidation attacks. What response provides the best approach to this kind of specific attack?
The policy should outline how employees will escalate intimidation attempts to higher management.
Which human-based social engineering technique involves an attacker masquerading as a hardware vendor?
Posing as Technical Support
Which of the following should NOT be included in an effective password policy?
At least one other person should know a user’s password
What are the costs for a business when a user is tricked into downloading malware?
Business credibility, Business availability
Measures that must be taken to prevent the misuse of sensitive data would be part of which social engineering countermeasure?
Operational Guidelines
What social engineering technique includes interception of any form of communication, including audio, video, or written?
Eavesdropping