CH. 4 SOCIAL ENGINEERING, PHYSICAL, AND PASSWORD ATTACKS
JOANNA RECOVERS A PASSWORD FILE WITH PASSWORDS STORED AS MD5 HASHES. WHAT TOOL CAN SHE USE TO CRACK THE PASSWORDS? A. MD5SUM B. JOHN THE RIPPER C. GPG D. NETCAT
B. JOHN THE RIPPER
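Why an unsalted MD5 file is crackable at all, shown as an added example that is not part of the original question set and not John the Ripper's own code: a dictionary attack with a few JtR-style mangling rules (capitalise, append a digit) against a constructed "username:hash" file. Because the hashes are unsalted, every candidate is hashed once and checked against every account, which is exactly the cheap lookup a salt is meant to prevent. The password file, the wordlist and the usernames are constructed for this example; the digests are real MD5 values of the words noted in the comments.

```python
import hashlib
from typing import Dict, Iterable, List, Optional

# Constructed sample of a recovered password file, one "username:md5hex" per line.
# Each digest is the real MD5 of a common password ("password", "123456",
# "admin"); the last is the MD5 of "hello", which is deliberately absent from
# WORDLIST so the run also shows an uncracked entry.
RECOVERED_FILE = """\
joanna:5f4dcc3b5aa765d61d8327deb882cf99
bob:e10adc3949ba59abbe56e057f20f883e
root:21232f297a57a5a743894a0e4a801fc3
svc_backup:5d41402abc4b2a76b9719d911017c592
"""

# Constructed mini wordlist standing in for rockyou.txt or JtR's password.lst.
WORDLIST: List[str] = ["password", "123456", "admin", "letmein", "welcome", "qwerty"]


def md5_hex(candidate: str) -> str:
    """Hash a candidate exactly as the target system did: raw MD5, no salt."""
    return hashlib.md5(candidate.encode("utf-8")).hexdigest()


def mangle(word: str) -> Iterable[str]:
    """A few John-the-Ripper-style mangling rules: the word as-is, capitalised,
    and each of those with a single digit appended."""
    for base in (word, word.capitalize()):
        yield base
        for digit in range(10):
            yield f"{base}{digit}"


def parse_password_file(text: str) -> Dict[str, str]:
    """Map username -> lowercase hex digest, skipping blank or malformed lines."""
    users: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        user, digest = line.split(":", 1)
        users[user.strip()] = digest.strip().lower()
    return users


def crack_file(text: str, wordlist: Iterable[str]) -> Dict[str, Optional[str]]:
    """Dictionary attack with mangling. Returns username -> recovered
    plaintext, or None when no candidate matched."""
    users = parse_password_file(text)
    # Invert to digest -> [users]: each candidate is hashed once and tested
    # against all accounts at the same time. Identical passwords give identical
    # digests because there is no salt, which is what makes this attack cheap.
    by_digest: Dict[str, List[str]] = {}
    for user, digest in users.items():
        by_digest.setdefault(digest, []).append(user)

    found: Dict[str, Optional[str]] = {user: None for user in users}
    remaining = set(by_digest)
    for word in wordlist:
        if not remaining:
            break
        for candidate in mangle(word):
            digest = md5_hex(candidate)
            if digest in remaining:
                remaining.discard(digest)
                for user in by_digest[digest]:
                    found[user] = candidate
    return found


if __name__ == "__main__":
    for user, plaintext in crack_file(RECOVERED_FILE, WORDLIST).items():
        print(f"{user}: {plaintext if plaintext else '<not cracked>'}")
```

Real tools do the same thing with far larger wordlists, richer rule sets and GPU hashing; the defence is not a better wordlist policy but a slow, salted password hash (bcrypt, scrypt, Argon2), which removes the one-hash-tests-every-account shortcut this example relies on.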
WHAT TYPE OF MALICIOUS ACTOR IS MOST LIKELY TO USE HYBRID WARFARE? A. A SCRIPT KIDDIE B. A HACKTIVIST C. AN INTERNAL THREAT D. A NATION-STATE
D. A NATION-STATE
ALAINA SUSPECTS THAT HER ORGANIZATION MAY BE TARGETED BY A SPIM ATTACK. WHAT TECHNOLOGY IS SHE CONCERNED ABOUT? A. SPAM OVER INSTANT MESSAGING B. SOCIAL PERSUASION AND INTIMIDATION BY MANAGERS C. SOCIAL PERSUASION BY INTERNET MEDIA D. SPAM OVER INTERNAL MEDIA
A. SPAM OVER INSTANT MESSAGING
BEN SEARCHES THROUGH AN ORGANIZATION'S TRASH LOOKING FOR SENSITIVE DOCUMENTS, INTERNAL NOTES, AND OTHER USEFUL INFORMATION. WHAT TERM DESCRIBES THIS TYPE OF ACTIVITY? A. WASTE ENGINEERING B. DUMPSTER DIVING C. TRASH PHARMING D. DUMPSTER HARVESTING
B. DUMPSTER DIVING
ALEX DISCOVERS THAT THE NETWORK ROUTERS THAT HIS ORGANIZATION HAS RECENTLY ORDERED ARE RUNNING A MODIFIED FIRMWARE VERSION THAT DOES NOT MATCH THE HASH PROVIDED BY THE MANUFACTURER WHEN HE COMPARES THEM. HOW SHOULD ALEX CATEGORIZE THIS ATTACK? A. AN INFLUENCE CAMPAIGN B. A HOAX C. A SUPPLY CHAIN ATTACK D. A PHARMING ATTACK
C. A SUPPLY CHAIN ATTACK
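The comparison Alex performed, as an added example that is not part of the original question set: hash a firmware image in chunks (real images are large) and check it against a vendor-published sha256sum-style manifest. The image bytes, the tampered copy, the manifest and the filename `router-fw-2.1.bin` are all constructed for this example; the manifest format is the standard `sha256sum` output format.

```python
import hashlib
import hmac
import io
from typing import BinaryIO, Dict

# Constructed stand-in for a firmware image; a real one is a multi-megabyte
# binary read from disk, which is why the hashing below is done in chunks.
FIRMWARE_IMAGE = b"\x7fELF" + b"router firmware 2.1 " * 64
# The same image with a single byte changed, as a modified build would be.
TAMPERED_IMAGE = FIRMWARE_IMAGE[:100] + b"\x00" + FIRMWARE_IMAGE[101:]


def sha256_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> str:
    """Hash a file-like object without loading it all into memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def sha256_hex(data: bytes) -> str:
    return sha256_stream(io.BytesIO(data))


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse sha256sum-style lines: '<hex>  <filename>' (a leading '*' on the
    filename marks binary mode and is dropped). Returns filename -> hex."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest.lower()
    return entries


def verify_image(manifest_text: str, filename: str, image: bytes) -> str:
    """Compare the image against the vendor's published digest.
    Returns 'ok', 'mismatch', or 'not-in-manifest'."""
    entries = parse_manifest(manifest_text)
    expected = entries.get(filename)
    if expected is None:
        return "not-in-manifest"
    actual = sha256_hex(image)
    # compare_digest avoids early-exit timing differences; irrelevant for an
    # offline check, but the habit matters when the same code runs in a service.
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


if __name__ == "__main__":
    # Simulates the vendor's SHA256SUMS file for the constructed image.
    manifest = f"{sha256_hex(FIRMWARE_IMAGE)}  router-fw-2.1.bin\n"
    print(verify_image(manifest, "router-fw-2.1.bin", FIRMWARE_IMAGE))   # ok
    print(verify_image(manifest, "router-fw-2.1.bin", TAMPERED_IMAGE))   # mismatch
```

The check is only as trustworthy as the channel the published hash arrived over: a sum file sitting next to the download can be altered by the same party that altered the image. Take the reference value from the vendor's site over TLS or, better, from a signed manifest whose signature is verified first, and hash the image as it sits on the device (or the image the device reports), not only the installer that was shipped.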
WHAT TECHNIQUE IS MOST COMMONLY ASSOCIATED WITH THE USE OF MALICIOUS FLASH DRIVES BY PENETRATION TESTERS? A. MAILING THEM TO TARGETS B. SNEAKING THEM INTO OFFICES AND LEAVING THEM IN DESK DRAWERS C. DISTRIBUTING THEM IN PARKING LOTS AS THOUGH THEY WERE DROPPED D. PACKING THEM TO LOOK LIKE A DELIVERY AND DROPPING THEM OFF WITH A TARGET'S NAME ON THE PACKAGE
C. DISTRIBUTING THEM IN PARKING LOTS AS THOUGH THEY WERE DROPPED
WHEN YOU COMBINE PHISHING WITH VOICE OVER IP, IT IS KNOWN AS: A. SPOOFING B. SPOONING C. WHALING D. VISHING
D. VISHING
SELAH INFECTS THE ADS ON A WEBSITE THAT USERS FROM HER TARGET COMPANY FREQUENTLY VISIT WITH MALWARE AS PART OF HER PENETRATION TEST. WHAT TECHNIQUE HAS SHE USED? A. A WATERING HOLE ATTACK B. VISHING C. WHALING D. TYPOSQUATTING
A. A WATERING HOLE ATTACK
WHEN A CALLER WAS RECENTLY DIRECTED TO AMANDA, WHO IS A JUNIOR IT EMPLOYEE AT HER COMPANY, THE CALLER INFORMED HER THAT THEY WERE THE HEAD OF IT FOR HER ORGANIZATION AND THAT SHE NEEDED TO IMMEDIATELY DISABLE THE ORGANIZATION'S FIREWALL DUE TO AN ONGOING ISSUE WITH THE E-COMMERCE WEBSITE. AFTER AMANDA MADE THE CHANGE, SHE DISCOVERED THAT THE CALLER WAS NOT THE HEAD OF IT, AND THAT IT WAS ACTUALLY A PENETRATION TESTER HIRED BY HER COMPANY. WHICH SOCIAL ENGINEERING PRINCIPLE BEST MATCHES THIS TYPE OF ATTACK? A. AUTHORITY B. CONSENSUS C. SCARCITY D. TRUST
A. AUTHORITY
CHARLES WANTS TO FIND OUT ABOUT SECURITY PROCEDURES INSIDE HIS TARGET COMPANY, BUT HE DOESN'T WANT THE PEOPLE HE IS TALKING TO REALIZE THAT HE IS GATHERING INFORMATION ABOUT THE ORGANIZATION. HE ENGAGES STAFF MEMBERS IN CASUAL CONVERSATION TO GET THEM TO TALK ABOUT THE SECURITY PROCEDURES WITHOUT NOTICING THAT THEY HAVE DONE SO. WHAT TERM DESCRIBES THIS PROCESS IN SOCIAL ENGINEERING EFFORTS? A. ELICITATION B. SUGGESTION C. PHARMING D. PREPENDING
A. ELICITATION
WHICH OF THE FOLLOWING IS THE BEST DESCRIPTION OF TAILGATING? A. FOLLOWING SOMEONE THROUGH A DOOR THEY JUST UNLOCKED B. FIGURING OUT HOW TO UNLOCK A SECURED AREA C. SITTING CLOSE TO SOMEONE IN A MEETING D. STEALING INFORMATION FROM SOMEONE'S DESK
A. FOLLOWING SOMEONE THROUGH A DOOR THEY JUST UNLOCKED
ALAINA DISCOVERS THAT SOMEONE HAS SET UP A WEBSITE THAT LOOKS EXACTLY LIKE HER ORGANIZATION'S BANKING WEBSITE. WHICH OF THE FOLLOWING TERMS BEST DESCRIBES THIS SORT OF ATTACK? A. PHISHING B. PHARMING C. TYPOSQUATTING D. TAILGATING
B. PHARMING
ALAN READS SUSAN'S PASSWORD FROM ACROSS THE ROOM AS SHE LOGS IN. WHAT TYPE OF TECHNIQUE HAS HE USED? A. A MAN-IN-THE-ROOM ATTACK B. SHOULDER SURFING C. A MAN-IN-THE-MIDDLE ATTACK D. PRETEXTING
B. SHOULDER SURFING
WHAT TYPE OF PHISHING TARGETS SPECIFIC GROUPS OF EMPLOYEES, SUCH AS ALL MANAGERS IN THE FINANCIAL DEPARTMENT OF A COMPANY? A. SMISHING B. SPEAR PHISHING C. WHALING D. VISHING
B. SPEAR PHISHING
NAOMI RECEIVES A REPORT OF SMISHING. WHAT TYPE OF ATTACK SHOULD SHE BE LOOKING FOR? A. COMPRESSED FILES IN PHISHING B. TEXT MESSAGE-BASED PHISHING C. VOICEMAIL-BASED PHISHING D. SERVER-BASED PHISHING
B. TEXT MESSAGE-BASED PHISHING
NICOLE ACCIDENTALLY TYPES WWW.SMAZON.COM INTO HER BROWSER AND DISCOVERS THAT SHE IS DIRECTED TO A DIFFERENT SITE LOADED WITH ADS AND POP-UPS. WHICH OF THE FOLLOWING IS THE MOST ACCURATE DESCRIPTION OF THE ATTACK SHE HAS EXPERIENCED? A. DNS HIJACKING B. PHARMING C. TYPOSQUATTING D. HOSTS FILE COMPROMISE
C. TYPOSQUATTING
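Typosquatting works because a registrable lookalike is one keystroke away from the real name. The generator below, added here as an example and not part of the original question set, enumerates the common one-edit variants of a domain (omission, doubled letter, adjacent-key substitution, transposition) so a defender can register or monitor them; `smazon.com` falls out of the adjacent-key rule because `s` sits next to `a` on a QWERTY keyboard. The neighbour map is an approximation constructed for this example, and the check is purely offline: whether a variant is actually registered still has to be looked up in DNS or WHOIS.

```python
from typing import Set

# Approximate QWERTY neighbours used for "fat-finger" substitutions
# (constructed for this example, letters only).
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}


def typo_variants(domain: str) -> Set[str]:
    """Generate one-edit lookalikes of the first label of `domain`, keeping the
    rest of the name (e.g. '.com') unchanged. The original is never returned."""
    label, dot, suffix = domain.lower().partition(".")
    variants: Set[str] = set()
    n = len(label)
    for i in range(n):
        # omission: amazon -> amzon
        variants.add(label[:i] + label[i + 1:])
        # doubled character: amazon -> ammazon
        variants.add(label[:i] + label[i] + label[i:])
        # adjacent-key substitution: amazon -> smazon
        for key in ADJACENT.get(label[i], ""):
            variants.add(label[:i] + key + label[i + 1:])
        # transposition of neighbours: amazon -> aamzon
        if i + 1 < n:
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    variants.discard(label)
    variants.discard("")
    return {v + dot + suffix for v in variants}


def is_typosquat_of(candidate: str, domain: str) -> bool:
    """True when `candidate` is one of the generated lookalikes of `domain`."""
    return candidate.lower() in typo_variants(domain)


if __name__ == "__main__":
    hits = typo_variants("amazon.com")
    print(len(hits), "candidate lookalikes, e.g.", sorted(hits)[:5])
    print(is_typosquat_of("smazon.com", "amazon.com"))   # True
```

On the user side the mitigation is the same regardless of variant: bookmarks and password managers only auto-fill on the exact registered origin, so a lookalike domain gets no credentials even when the page is a pixel-perfect copy.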
SHARIF RECEIVES A BILL FOR SERVICES THAT HE DOES NOT BELIEVE HIS COMPANY REQUESTED OR HAD PERFORMED. WHAT TYPE OF SOCIAL ENGINEERING TECHNIQUE IS THIS? A. CREDENTIAL HARVESTING B. A HOAX C. RECONNAISSANCE D. AN INVOICE SCAM
D. AN INVOICE SCAM
SKIMMING ATTACKS ARE OFTEN ASSOCIATED WITH WHAT NEXT STEP BY ATTACKERS? A. PHISHING B. DUMPSTER DIVING C. VISHING D. CLONING
D. CLONING
LUCCA'S ORGANIZATION RUNS A HYBRID DATACENTER WITH SYSTEMS IN MICROSOFT'S AZURE CLOUD AND IN A LOCAL FACILITY. WHICH OF THE FOLLOWING ATTACKS IS ONE THAT HE CAN ESTABLISH CONTROLS FOR IN BOTH LOCATIONS? A. SHOULDER SURFING B. TAILGATING C. DUMPSTER DIVING D. PHISHING
D. PHISHING
A CALLER REACHED AN IT SUPPORT STAFF MEMBER AT CARLOS'S COMPANY AND TOLD THEM THAT THE CHAIRMAN OF THE COMPANY'S BOARD WAS TRAVELING AND NEEDED IMMEDIATE ACCESS TO HIS ACCOUNT BUT HAD SOMEHOW BEEN LOCKED OUT. THEY TOLD THE IT SUPPORT PERSON THAT IF THE BOARD MEMBER DID NOT HAVE THEIR PASSWORD RESET, THE COMPANY COULD LOSE A MAJOR DEAL. IF CARLOS RECEIVES A REPORT ABOUT THIS, WHICH OF THE PRINCIPLES OF SOCIAL ENGINEERING SHOULD HE CATEGORIZE THE ATTACKER'S EFFORTS UNDER? A. SCARCITY B. FAMILIARITY C. CONSENSUS D. URGENCY
D. URGENCY