Chapter 10
Social engineering can be thwarted using what kinds of controls? a. technical b. administrative c. physical d. proactive controls
a. b. c. - technical, admistrastic and physical. Technolgy alone cannot stop the impact of social engineering and must be accompanied by other mechanisms as well, such as eduation. The strongest defense against social engineering tends to be proper training and education.
Social engineering is designed to____? a. manipulate human behavior b. make people distrustful c. infect a system d. gain a physical advantage
a. manipulate human behavior. Social engineering is designed to exploit human nature with the intention of gaining information.
Which mechanism can be used to influence a targeted individual? a. means of dress or appearance b. technological controls c. physical controls d. training
a. means of dress or appearance. appearance can easily impact the opinion that an individual or a group has about someone. The other options here are types of countermeasures used to stop physical attacks.
Social engineering can use all the following except? a. technology b. people c. human nature d. physical
all....the targets of social engineering are people and the weaknesses present in human beings.
Phishing takes place using ____? a. instant messaging b. email c. websites d. piggybacking
b. email. Phishing is performed using email to entice the target to provide info of a sensitive nature.
Human beings tend to follow set patterns and behaviors known as ____? a. repetition b. habits c. primacy d. piggybacking
b. habits. Habits are set patterns of behavior that individuals tend to follow or revert to frequently.
When talking to a victim, using _____ can make an attack easier. a. eye contact b. keywords c. jargon d. threats
b. keywords. Using keywords or buzzwords can make a victim believe the attacker is in the know about how a company works.
Social engineering can be used to carry out email campaigns known as ______? a. spamming b. phishing c. vishing d. splashing
b. phishing. Phishing is a social engineering attack designed to gather information from victims using email.
What is the best option for thwarting social-engineering attacks? a. technology b. training c. policies d. physical controls
b. training. Training is the best and most effective method of blunting the impact of social engineering. Addressing the problem through education can lesson the need for some countermeasures.
What is a vulnerability scan designed to provide to those executing it? a. a way to find open ports b. a way to diagram a network c. a proxy attack d. a way to reveal vulnerabilities
d. a way to reveal vulnerabilities. a vulnerability scan is designed to pick up weaknesses in a system. Such scans are typically automated.
A security camera pciks up someone who doesn't work at the copmay following closely behind an employee while they enter the building. What type of attack is taking place? a. phishing b. walking c. gate running d. tailgating
d. tailgating. This attack is called tailgating and involves a person being closely followed by another individual through a door or entrance.
Social engineering can use all the following except ___? a. mobile phones b. instant messaging c. trojan horses d. viruses
d. viruses. Social engineering takes advantage of many mechanisms including trojan horses, but it does not use viruses. However, IM, mobile phones, and trojan horses are all effective tools for social engineering.
Physihing can be migrated through the use of _____? a. spam filtering b. education c. antivirus d. anti-malware
a,b. spam filtering and education....are tremendously helpful at lessening the impact of phishing. Pure antivirus and anti-malware typically do not include this functionality unless they are part of a larger suite.
Training and education of end uers can be used to prevent? a. phishing b. tailgating/piggybacking c. session hijacking d. wireshark
a. phishing and b. tailgating/piggybacking. Training and edcuation are specifically used to prevent the practice of tailgating or piggybacking. Attacks such as session hijacking can't be prevented through training and education of end users.
Jennifer receives an email claiming that her bank acct info has been lost & that she needs to click a link to update the banks db. However, she doesn't recognize the bank, b/c it is not one she does business with. What type of attack is she being presented with? a. phishing b. spam c. whaling d. vishing
a. phishing. This type of attack is a clear example of phishing: an attack crafts an attractive-looking email with the intention of enticing the victim to perform an action.
Jason receives notices that he has unauthorized charges on his credit card account. What type of attack is Jason a victim of? a. social engineering b. phishing c. identify theft d. bad luck
c. identify theft. This attack is most likely the result of identify theft, and while we don't know exactly how it was stolen, candidates include phishing, social engineering, keyloggers, or Trojan horses.
Jason notices that he is receiving mail, phone calls, and other requests for information. He has also noticed some problems with his credit checks such as bad debts and loans he did not participate in. What type of attack did Jason become a victim of? a. social engineering b. phishing c. identity theft d. bad luck
c. identity theft. This attack is most likely a result of identity theft. The information to carry out this attack may have been obtained through the use of techniques such as phishing or social engineering. However, those techniques can be used for other attacks as well and not just identify theft.
In social engineering a proxy is used to ____? a. assist in scanning b. perform a scan c. keep an attackers origin hidden d. automate the discovery of vulnerabilities
c. keep an attackers origin hidden. An attacker could keep their activities masked and covered up to prevent themselves from being discovered.
An attacker can use which technique to influence a victim? a. tailgating b. piggybacking c. name-dropping d. acting like tech support
c. name-dropping. Name-dropping can be used by an attacker to make a victim believe the attacker has power or knows people who are in power.
Janet receives an email enticing her to click a link. But when she clicks this link she is taken to a website for her bank, asking her to reset her account info. However, Janet noticed that the bank is not hers and the website is not for her bank. What type of attack is this? a. whaling b. vishing c. phishing d. piggybacking
c. phishing. This is an example of phishing because if involve enticing the user to click a link and presumably provide information.