J08: Social Engineering (PE)

Question 1

By only visiting websites via a trusted search engine and landing on legitimate pages you avoid drive by downloads entirely.

• True
• False

Answer 1

False

Question 2

Spear phishing can be differentiated from other types of phishing by their use of the latest news sources to create a believable story.

• True
• False

Answer 2

False

Question 3

Which DDoS attack spoofs the source address of a broadcast ping packet to overwhelm the victim with ping replies?

• ICMP Flood
• Smurf Attack
• Ping of Death
• None of the above

Answer 3

Smurf Attack

Question 4

What is the distiguishing feature of a pretexting attack?

• An excuse is devised in advance in case the attacker is caught trespassing.
• A text message is sent beforehand in an attempt to legitimize the attacker’s visitors.
• A story is devised to cast legitimacy and garnish cooperation during the interaction with the victim.

Answer 4

A story is devised to cast legitimacy and garnish cooperation during the interaction with the victim

Question 5

Which of the following is an attack involving leaving infected data storage devices near areas victims will cross, in hopes they will plug them into systems with valuable information?

• Avenue Avocado
• Court Pear
• Road Apple
• Highway Banana

Answer 5

Road Apple

Question 6

Which measure(s) could be used to stop a DDoS attack against your device?

• Install an anti-virus
• Make use of an Intrusion Prevention System
• Make your device drop all ICMP packets
• All of the above.

Answer 6

Make your device drop all ICMP packets

Question 7

What are ways to help prevent pretexting attacks?

• Implement identity verification congruent with the security level being sought.
• Contact the inquisitor’s company by looking them up, and not a number given by the inquisitor.
• Calling your supervisor if unsure of how to proceed.
• All of the above.

Answer 7

All of the above

Question 8

What does the acronym DoS Stand for?

• Distribution of Server
• Denial of Server
• Destruction of Service
• Denial of Service

Answer 8

Denial of Service

Question 9

Drive by downloads can occur even on legitimate websites without the hosting party’s knowledge.

• True
• False

Answer 9

True

Question 10

Which of the following is an indicator that a received e-mail may be a Phishing attempt?

• No introduction or signature blocks in an e-mail.
• A claim that there’s a problem with your account and a link to a website.
• A power failure occurs shortly after opening an e-mail.
• None of the above.

Answer 10

A claim that there’s a problem with your account and a link to a website

Question 11

What does the acronym DDoS Stand for?

• Distributed Denial of Service
• Denied Distribution of Service
• Distrubition of Denied Service

Answer 11

Distributed Denial of Service

Question 12

How can you help prevent drive by downloads?

• Use an out of date browser to trick attackers targeting newer software.
• Only use your admin account for program installations.
• Use your admin account at all times so anti-virus scans run with the highest privilege.
• Input IP addresses directly into the URL bar, avoiding compromised DNS servers.
• None of the above.

Answer 12

?

Question 13

Which of the following measures is least likely to help against infected removable storage devices?

• Disable Autoplay.
• Have an approved software list.
• Enforce anti-virus use.
• Mandate periodic awareness training.

Answer 13

?

Question 14

Which of the following would not help preventing Phishing attempts?

• Forwarding a suspected e-mail to a colleague to see what he thinks.
• Protecting of accounts by using multi-factor authentication.
• Utilizing security software, such as an anti-virus.
• Forwarding suspected e-mails to the Anti-Phishing Working Group

Answer 14

Forwarding a suspected e-mail to a colleague to see what he thinks

Question 15

What do Drive-by downloads take advantage of:

• Insecure applications
• Outdated applications
• Vulnerable operating systems
• All of the above

Answer 15

All of the above

Question 16

What can you do to minimize the chances of being a target of spear phishing?

• Keep up with the latest news publications.
• Minimize personal information you share online.
• Get on a first name basis with your local Network Enterprise Center technicians.
• None of the above

Answer 16

Minimize personal information you share online

Question 17

Drive-by downloads require users to interact with the page in order for malicious code to download.

• True
• False

Answer 17

False

Question 18

Which of the following is a type of DoS attack.

• SYN Flood
• FIN Flood
• ACK Flood
• RST Flood

Answer 18

Syn Flood

Question 19

What is the defining feature of a Quid Pro Quo attack?

• A threat is made on yourself should you not comply
• It is perpetrated by an individual outside your organization.
• The attack is custom tailored to the specific individual being contacted.
• Something of perceived value is offered for whatever is being requested.

Answer 19

Something of perceived value is offered for whatever is being requested

Question 20

By checking for a padlock next to a website’s URL you can be sure that it is a legitimate website and not an attacker’s spoofed website.

• True
• False

Answer 20

True