CompTIA Security+ SY0-701 Exam - Social Engineering Quiz (8)
A BEC attack is an example of:
phishing
Which of the answers listed below refers to a social engineering technique where an attacker creates a fabricated scenario or situation to deceive the victim into revealing sensitive information?
pretexting
In email communication, what signs can be of help in recognizing a phishing attempt?
the message contains poor spelling and grammar; the message asks for personal information; the message includes a call to action with a sense of urgency; the message includes suspicious links or attachments
A fake website mimicking a legitimate online retailer, designed to steal user login credentials, is an example of:
brand impersonation
Which of the following terms best describes deliberately false or misleading information spread with the intent to deceive or manipulate?
disinformation
What would be an appropriate user response to an email phishing attempt?
not replying to the message or providing any personal information; reporting the message to the IT or security department, if applicable; deleting the message from the inbox; not clicking on any links or downloading any attachments in the message
A social engineering technique whereby attackers, under the guise of a legitimate request, attempt to gain access to confidential information is commonly referred to as:
phishing
Which of the following answers refers to a social engineering attack that exploits SMS or text messages to deceive recipients into taking harmful actions, such as revealing sensitive information or clicking malicious links?
smishing
The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:
vishing
Which of the following terms refers to a common platform for watering hole attacks?
websites
Which type of social engineering attack relies on identity fraud?
impersonation
Which of the terms listed below refers to false or misleading information that is spread unintentionally?
misinformation
The term "Typosquatting" refers to a deceptive practice involving the deliberate registration of domain names with misspellings or slight variations that closely resemble well-established and popular domain names. The primary goal of this strategy is to exploit the common typographical errors made by users while entering URLs into their web browser's address bar. Beyond capturing inadvertent traffic, typosquatting may also be used for hosting phishing sites to trick users into divulging sensitive information, distributing malware through deceptive websites, generating ad revenue by redirecting mistyped traffic, or engaging in brand impersonation to harm the reputation of authentic brands or deceive users.
true
What is the best countermeasure against social engineering attacks?
user education
