Social Engineering Flashcards

1
Q

By only visiting websites via a trusted search engine and landing on legitimate pages you avoid drive by downloads entirely.

True
False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Spear phishing can be differentiated from other types of phishing by their use of the latest news sources to create a believable story.

True
False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which DDoS attack spoofs the source address of a broadcast ping packet to overwhelm the victim with ping replies?

ICMP Flood
Smurf Attack
Ping of Death
None of the above

A

Smurf Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the distiguishing feature of a pretexting attack?

An excuse is devised in advance in case the attacker is caught trespassing.
A text message is sent beforehand in an attempt to legitimize the attacker’s visitors.
A story is devised to cast legitimacy and garnish cooperation during the interaction with the victim.

A

A story is devised to cast legitimacy and garnish cooperation during the interaction with the victim.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following is an attack involving leaving infected data storage devices near areas victims will cross, in hopes they will plug them into systems with valuable information?

Avenue Avocado
Court Pear
Road Apple
Highway Banana

A

Road Apple

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which measure(s) could be used to stop a DDoS attack against your device?

Install an anti-virus
Make use of an Intrusion Prevention System
Make your device drop all ICMP packets
All of the above.

A

Make your device drop all ICMP packets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are ways to help prevent pretexting attacks?

Implement identity verification congruent with the security level being sought.
Contact the inquisitor’s company by looking them up, and not a number given by the inquisitor.
Calling your supervisor if unsure of how to proceed.
All of the above.

A

All of the above.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Drive by downloads can occur even on legitimate websites without the hosting party’s knowledge.

True
False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following is an indicator that a received e-mail may be a Phishing attempt?

No introduction or signature blocks in an e-mail.
A claim that there’s a problem with your account and a link to a website.
A power failure occurs shortly after opening an e-mail.
None of the above.

A

A claim that there’s a problem with your account and a link to a website.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How can you help prevent drive by downloads?

Use an out of date browser to trick attackers targeting newer software.
Only use your admin account for program installations.
Use your admin account at all times so anti-virus scans run with the highest privilege.
Input IP addresses directly into the URL bar, avoiding compromised DNS servers.
None of the above.

A

Input IP addresses directly into the URL bar, avoiding compromised DNS servers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following measures is least likely to help against infected removable storage devices?

Disable Autoplay.
Have an approved software list.
Enforce anti-virus use.
Mandate periodic awareness training.

A

Have an approved software list.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following would not help preventing Phishing attempts?

Forwarding a suspected e-mail to a colleague to see what he thinks.
Protecting of accounts by using multi-factor authentication.
Utilizing security software, such as an anti-virus.
Forwarding suspected e-mails to the Anti-Phishing Working Group

A

Forwarding a suspected e-mail to a colleague to see what he thinks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What do Drive-by downloads take advantage of:

Insecure applications
Outdated applications
Vulnerable operating systems
All of the above

A

All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What can you do to minimize the chances of being a target of spear phishing?

Keep up with the latest news publications.
Minimize personal information you share online.
Get on a first name basis with your local Network Enterprise Center technicians.
None of the above

A

Minimize personal information you share online.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Drive-by downloads require users to interact with the page in order for malicious code to download.

True
False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following is a type of DoS attack.

SYN Flood
FIN Flood
ACK Flood
RST Flood

A

SYN Flood

17
Q

What is the defining feature of a Quid Pro Quo attack?

A threat is made on yourself should you not comply
It is perpetrated by an individual outside your organization.
The attack is custom tailored to the specific individual being contacted.
Something of perceived value is offered for whatever is being requested.

A

Something of perceived value is offered for whatever is being requested.

18
Q

By checking for a padlock next to a website’s URL you can be sure that it is a legitimate website and not an attacker’s spoofed website.

True
False

A

False