14.5.7 Social Engineering Attacks
Which type of DoS attack exhausts the target's resources by overloading a specific program or service?
Application layer
What do you call a system that has no anti-malware or firewall installed?
Unprotected
A malicious person calls an employee from a cell phone. She tells the employee that she is the vice president over the accounting department in the employee's company. She relates that she has forgotten her password and demands that the employee give her his password so that she can access the reports she needs for an upcoming presentation. She threatens to fire the employee if he does not comply. Which of the following BEST describes the type of attack that just occurred?
Vishing
Which of the following attacks exploits a vulnerability in software that has not been discovered by the developer?
Zero-day attack
At company headquarters, several employees are having issues with their Wi-Fi access suddenly dropping and then reconnecting to the same wireless network. You decide to investigate and determine that someone has set up a rogue access point near company headquarters and is using it to capture sensitive data from the company network. Which type of social engineering attack is being used?
Evil twin
You have been hired to help assess the security of your client's organization. During your assessment, you have found a rogue wireless access point that is configured to look identical to the legitimate wireless network. Which of the following attacks was MOST likely being carried out?
Evil twin attack
Which of the following should you implement to monitor and manage the risks of a BYOD policy?
Mobile device management
Which of the following are risks of implementing a BYOD policy? (Select three.)
Number of different devices Data leakage Improper disposal
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?
Phishing
You have been hired to investigate a recent cybersecurity attack. You have discovered that the attacker was able to send commands to the server using the login fields and steal user credentials from the database. Which of the following attacks was your client MOST likely the victim of?
SQL injection
