Module 36 - Social Engineering - Q&A Flashcards
Which of the following elements is attacked by social engineering techniques? A. Encryption B. People C. Authentication D. Policy
B. Social engineering attacks target the people who work in and are associated with an organization.
Which of the following are human weaknesses that social engineers target? (Choose two.) A. Desire for acceptance B. Desire to be left alone C. Desire to help D. Lack of security training
A, C. Social engineering targets human weaknesses that stem from the desire to be liked or accepted, as well as the desire to help others.
All of the following are potential social engineering attack targets within an organization, except:
A. A business partner’s system administrator
B. The company senior executives
C. A competitor’s security engineer
D. A subcontractor’s administrative assistant
C. A competitor’s security engineer is an unlikely target because she will not have any information of value, nor is she able to perform any actions within the organization that may benefit the attacker.
Which of the following attacks is conducted by trying to get a view of sensitive information on a user's screen? A. Dumpster diving B. Tailgating C. Eavesdropping D. Shoulder surfing
D. Shoulder surfing is an attack in which the perpetrator tries to view sensitive information on a user’s screen.
You are a security administrator in a company, and a user has just forwarded a suspicious e-mail to you that directs the user to click a link to a banking web site and enter their credentials to verify the account. What type of social engineering attack is being attempted? A. Phishing B. Vishing C. Man-in-the-middle D. E-mail hoax
A. A phishing attack is conducted by sending an e-mail to an unsuspecting user in an attempt to get the user to click a link in the e-mail and enter sensitive information, such as credentials or other personal information, into the site.
An attacker who is pretending to be a known user within the organization is said to be conducting a(n) \_\_\_\_\_\_ attack. A. impersonation B. physical C. consensus/social proof D. scarcity
A. In an impersonation attack, an attacker pretends to be a known user within the organization in order to persuade a target to give him information or carry out an action for him.
An attacker calls an administrative assistant and tells him that she is the new executive assistant for the company senior vice president. She claims the VP is traveling, and she needs access to certain sensitive files in a file share. The attacker tries to bully the admin assistant into giving her permissions to the file share by threatening to have him fired if he doesn't oblige. Which two characteristics of human behavior is the attacker trying to take advantage of in this attack? (Choose two.) A. Trust B. Fear of authority C. Social proof D. Respect of authority
B, D. The attacker is taking advantage of the human tendency to fear and respect authority figures.
An attacker who promises to obtain something that is hard to get for the target is using what kind of tactic? A. Intimidation B. Trust C. Scarcity D. Social proof
C. Scarcity is a tactic used during a social engineering attack in which the attacker promises to get the target something of value that is normally hard to get.
A person calls and tells you that he has locked his account because he forgot his remote access password. He tells you that he doesn't have time to come down to your desk and positively identify himself because he is offsite at a customer facility and must present an important briefing to the customer within the next few minutes. He insists that he needs his remote access password changed immediately, but promises to come and see you after he returns to the office to verify his identity. What kind of social engineering tactic is being used in this attack? A. Authority B. Familiarity C. Intimidation D. Urgency
D. The attacker is trying to use a tactic involving urgency of need in order to get the remote access password reset, without having his identity verified.
Which of the following is considered the best defense against social engineering attacks?
A. Increased authentication measures
B. Increased punishment and consequences for workers
C. Increased training and education
D. Increased physical security controls
C. Training and educating organizational personnel is considered the best defense against social engineering attacks.