Social Engineering

Question 1

Type of social engineering in which an in attacker attempts to obtain sensitive information from users by masquerading as a trusted entity in an email or instant message sent to a large group are often random users 

Answer 1

Phishing

Question 2

Variation of phishing that uses voice communication technology to obtain the information the attacker is seeking


Answer 2

Vishing

Question 3

Bulk unsolicited email 

Answer 3

Spam

Question 4

Spam that is delivered over instant messaging 

Answer 4

Spam over Instant messaging (SPIM)

Question 5

A phishing attack that targets, a specific person, or group of people, with some thing in common 

Answer 5

Spear phishing

Question 6

The process of going through targets trash in hopes of finding valuable information that might be used in a penetration attempt 

Answer 6

Dumpster diving

Question 7

The attacker directly observes, the individual entering sensitive information on a form, keypad or keyboard 

Answer 7

Shoulder surfing

Question 8

Miss directing users to fake websites made to look official. using phishing attackers target individuals one by one by sending out emails. 

Answer 8

Pharming

Question 9

Simple tactic, of following closely behind a person who has just use their own access card or pin to gain physical access to a room or building 

Answer 9

Tailgating

Question 10

Use a wide range of psychological techniques to convince people whose main job is to help others to perform tasks, resulting in security compromises. This can include calls to or from helpdesk and tech-support units.

Answer 10

Eliciting information 

Question 11

The target is a high value person such as a CEO or CFO 

Answer 11

Whaling

Question 12

The act of adding something else to the beginning of an item. In terms of social engineering, this is the active supplying information that another will act upon frequently before they ask for it, in an attempt to legitimate Mize, the actual request, which comes later


Answer 12

Prepending

Question 13

The use of fake credentials to achieve an end 

Answer 13

Identify fraud

Question 14

Use a fake invoice in an attempt to get a company to pay for things that has not order. 

Answer 14

Invoice scam

Question 15

The collection of credential information such as user IDs passwords, and so on enabling an attacker a series of access passes to the system 

Answer 15

Credential harvesting 

Question 16

An adversary will examine the system that they intend to attack using a wide range of methods

Answer 16

Reconnaissance

Question 17

Makes a user aware of a false issue and gets the user to do something or spread information.

Answer 17

Hoax

Question 18

Attacker assumes the role of somebody at the victim may know

Answer 18

Impersonation

Question 19

Using previously obtain the information about a project deadline bosses, and so on the attacker one arrives with some thing the victim is semi expecting, or would see as normal to uses the guise of a project in trouble, or some other situation with the attacker will be viewed as helpful or someone not too upset and three name drop the contact of somebody higher up who happens to be out of officer unreachable does avoiding the reference check

Answer 19

Third-party authorization 

Question 20

When a company uses outside parties or contractors for simple tasks, like watering plants or cleaning, the attacker could simply dress up and go out an off time pretending they’re covering for someone 

Answer 20

Contractors /outside parties 

Question 21

An example of this would be where an attacker plants malware on a site at and waits for an unsuspecting victim to come across it 

Answer 21

Watering hole attack

Question 22

If a user, miss types a URL, then the result should be a 404 error or a resource not found but if an attacker has registered the miss typed URL, then the user would land on the attackers page 

Answer 22

Typosquatting 

Question 23

Type of an attack where the attacker uses a narrative to influence the victim into giving up some item of information

Answer 23

Pretexting

Question 24

Involve the use of collected information and selective publication of material to Chi individuals and attempt to alter perceptions and change peoples minds on a
Topic 

Answer 24

Influence campaigns