J.Dion Sec. 5 Social Engineering

Question 1

Manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces.

Answer 1

Social engineering

Question 2

What are the 6 main types social engineers use?

Answer 2

Authority
Urgency
Social proof
Scarcity
Likability
Fear

Question 3

The power or right to give orders, make decisions, and enforce obedience.

Answer 3

Authority

Question 4

Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly or prioritize certain actions.

Answer 4

Urgency

Question 5

Psychological phenomenon where individuals look to the behaviors and actions of other to determine their own decisions or actions in similar situations.

Answer 5

Social proof

Question 6

Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply.

Answer 6

Scarcity

Question 7

It is associated with being nice, friendly, and socially accepted by others.

Answer 7

Likability

Question 8

Feeling afraid of someone or something, as likely to be dangerous, painful, or threatening.

Answer 8

Fear

Question 9

What are the four main forms of impersonation used by attackers?

Answer 9

Impersonation
Brand impersonation
Typosquatting
Watering Hole Attacks

Question 10

An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data.

Answer 10

Impersonation

Question 11

Specific form of impersonation where an attacker pretends to represent a legitimate company or brand.

Answer 11

Brand Impersonation

Question 12

A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical error.

Answer 12

Typosquatting

Question 13

Typosquatting is also known as 2 other names

Answer 13

URL hijacking
Cyber-squatting

Question 14

Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use.

Answer 14

Watering hole attacks

Question 15

What are the 6 types of phishing attacks?

Answer 15

Phishing
Vishing
Smishing
Whaling
Spear phishing
Business email compromise

Question 16

Fraudulent attack using deceptive emails from trusted sources to trick individuals into disclosing personal information like passwords and credit card numbers.

Answer 16

Phishing

Question 17

Used by cybercriminals who are more tightly focused on a specific group of individuals or organizations.

Answer 17

Spear phishing

Question 18

“Spray and pray” mode?

Answer 18

Phishing

Question 19

Targeted users mode?

Answer 19

Spear phishing

Question 20

Form of spear phishing that targets high-profile individuals like CEOs or CFOs.

Answer 20

Whaling

Question 21

Advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker.

Answer 21

Business email compromise (BEC)

Question 22

Phone-based attack in which the attacker deceives victims into divulging personal or financial information.

Answer 22

Vishing (Voice phishing)

Question 23

Attack that uses text messages to deceive individuals into sharing their person information.

Answer 23

Smishing (SMS phishing)

Question 24

Vital tool for educating individuals about phishing risks and how to recognize potential phishing attempts in user security awareness training.

Answer 24

Anti-phishing compaign

Question 24

Manipulating a situation or creating a distraction to steal valuable items or information.

Answer 24

Diversion theft

Question 24

This type of attack, the attacker manipulates the DNS server settings, so that when a user types a legitimate website URL they are redirected to a fake website.

Answer 24

DNS spoofing

Question 24

Malicious deception that is often spread through social media, email, or other communication channels.

Answer 24

Hoax

Question 25

What two types of attack are hoaxes usually paired with?

Answer 25

Phishing attacks
Impersonation attacks

Question 26

Looking over someone’s shoulder to gather personal information.

Answer 26

Shoulder surfing

Question 27

Virtual or physical searching through trash to find valuable information.

Answer 27

Dumpster diving

Question 28

The process of secretly listening to private cnonversations.

Answer 28

Eavesdropping

Question 29

What type of attack is paired with eavesdropping?

Answer 29

On the path attack

Question 30

Planting a malware-infected device for a victim to find and unintentionally introduce malware to their organization’s system.

Answer 30

Baiting

Question 31

Which of the following types of phishing attacks is used to specifically target high-level executives or important officials within an organization?

a. Phishing
b. Whaling
c. Spear phishing
d. Impersonation

Answer 31

b. Whaling

Question 32

During an anti-phishing campaign, what primary action should a company take after simulating a successful phishing attack on its employees?

a. Terminate the employees who fall for the simulated attack.
b. Send a warning email to all employees so they will be aware of phishing as a problem.
c. Provide remedial training to all employees who fell for the attack.

Answer 32

c. Provide remedial training to all employees who fell for the attack.

The primary goal of the campaign is to raise awareness.

Question 33

Which social engineering technique involves searching through a target’s trash or discarded items to obtain sensitive or valuable information?

a. Diversion theft
b. Shoulder surfing
c. Eavesdropping
d. Dumpster diving

Answer 33

d. Dumpster diving

Question 34

Which social engineering attack involves an attacker creating a fabricated scenario to manipulate or deceive someone into divulging confidential information?

a. Pretexting
b. Dumpster diving
c. Shoulder surfing
d. Eavesdropping

Answer 34

a. Pretexting

Form of social engineering where attackers create a scenario or pretext to manipulate/deceive someone into sharing confidential information.

Question 35

Which of the following is a common motivational trigger used in social engineering attacks to manipulate victims to act or respond without taking time to think about the consequences?

a. Likability
b. Authority
c. Urgency
d. Social proof

Answer 35

c. Urgency