Security + Test Questions Examcompass #1

Question 1

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:

Answer 1

Phishing

Question 2

Which of the following answers refer to smishing? (Select 2 answers)

Answer 2

Social engineering technique
Text messaging

Question 3

The practice of using a telephone system to manipulate user into disclosing confidential information is known as:

Answer 3

Vishing

Question 4

Which of the following terms is commonly used to describe an unsolicited advertising message?

Answer 4

Spam

Question 5

What type of spam relies on text-based communication?

Answer 5

SPIM (Spam Over Instant Messaging)
SpIT (Spam over Internet Telephony)

Question 6

Phishing scams targeting a specific group of people are referred to as:

Answer 6

Spear phishing

Question 7

In computer security, the term “Dumpster diving” is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.

Answer 7

True

Question 8

A situation in which an unauthorized person can view another user’s display or keyboard to learn their password or other confidential information is referred to as:

Answer 8

Shoulder surfing

Question 9

Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)

Answer 9

Credential harvesting

Question 10

What is tailgating?

Answer 10

Gaining unauthorized access to restricted areas by following another person

Question 11

In social engineering, the term “Elicitation” describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.

Answer 11

True

Question 12

Phishing scams targeting people holding high positions in an organization or business are known as:

Answer 12

Whaling

Question 13

Which of the following is used in data URL phishing?

Answer 13

Prepending

Question 14

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

Answer 14

Virus hoax

Question 15

Which social engineering attack relies on identity theft?

Answer 15

Impersonation

Question 16

Which of the terms listed below refers to a platform used for watering hole attacks?

Answer 16

Websites

Question 17

The term “URL hijacking” (a.k.a. “Typosquatting”) refers to a practice of registering misspelled domain name closely resembling other well established and popular domain name in hopes of getting Internet traffic from users who would make errors while typing in the URL in their web browsers.

Answer 17

True

Question 18

An attacker impersonates a company’s managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)

Answer 18

Urgency, Authority and Intimidation

Question 19

An attacker impersonating a software beta tester replies to a victim’s post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)

Answer 19

Scarcity, Familiarity and Trust

Question 20

While conducting a web research that would help in making a better purchasing decision, a user visits series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?

Answer 20

Consensus

Question 21

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

Answer 21

Malware

Question 22

Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action is known as:

Answer 22

Ransomware

Question 23

A type of software that performs unwanted and harmful actions in disguise of a legitimate and useful program is known as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code that the user is unaware of.

Answer 23

True

Question 24

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:

Answer 24

Worm

Question 25

What is Bracketing

Answer 25

Providing a high and low estimate in order to entice a more specific number

Question 26

What is Confidential bait

Answer 26

Pretending to divulge confidential information in hopes of receiving confidential information in return

Question 27

What is Deliberate false statements

Answer 27

Saying something wrong in the hopes that the person will correct the statement with true information

Question 28

What is Feigned ignorance

Answer 28

Pretending to be ignorant of a topic in order to exploit the person’s tendency to educate

Question 29

What is Denial of the obvious

Answer 29

Saying something wrong in the hopes that the person will correct the statement with true information

Question 30

Flattery

Answer 30

Using praise to coax a person into providing information