Cybersecurity MIS 399 - Chapter 4 (Quiz 2)
A user receives an e-mail warning of a dangerous computer virus and instructing the user to delete files it claims were put there by the virus. However, the files are actually critical system files. Which term describes this scenario? A. Social engineering B. Reverse social engineering C. A hoax D. Phishing
A hoax
Which statement describes how an attacker can open up a backdoor? A. A user can install an unsecured wireless access point so that they can access the organization's network from many different areas. B. An attacker can follow closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. C. An attacker leaves the door to a room or building ajar. D. An attacker simply looks over the shoulder of a user at work, watching as a coworker enters their password.
A user can install an unsecured wireless access point so that they can access the organization's network from many different areas.
Which statement describes how dumpster diving is accomplished? A. An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard. B. An attacker changes URLs in a server's domain name table. C. An attacker watches what a user discards into the Windows recycle bin on the user's computer. D. An attacker attempts to find little bits of information that could be useful for an attack in a target's trash can.
An attacker attempts to find little bits of information that could be useful for an attack in a target's trash can.
Which statement describes how shoulder surfing is accomplished? A. An attacker attempts to find little bits of information in a target's trash can. B. An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard. C. An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. D. An attacker masquerades as a trusted entity in an e-mail or instant message sent to a large group of often random users.
An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard.
Which statement describes how reverse social engineering is accomplished? A. An attacker attempts to find little bits of information that could be useful for an attack in a target's trash can. B. An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information. C. An attacker uninstalls software on an unsuspecting user's computer. D. An attacker initiates a conversation with the target to obtain confidential information.
An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.
Which statement describes an example of a poor security practice? A. An organization hires employees that challenge personnel without proper ID. B. An organization allows their users to load software with the knowledge and assistance of administrators. C. An organization allows flower and pizza deliveries to a guard's desk only. D. An employee creates a good password and then uses it for all accounts.
An employee creates a good password and then uses it for all accounts.
Which statement identifies a good first step for companies to take to fight potential social engineering attacks? A. Buy the latest virus protection software and install it on the systems. B. Establish policies and procedures dictating the roles and responsibilities of all users, as well as security administrators. C. Monitor all phone calls and check logs on a daily basis. D. Conduct background checks on all contractors, consultants, delivery persons, and partners that may have access to the facilities.
Establish policies and procedures dictating the roles and responsibilities of all users, as well as security administrators.
T/F? Dumpster diving occurs when a hacker gains access to a computer and tries to recover files from the recycle bin in the hopes of finding privileged information.
False
T/F? Setting up a rogue access point is a good way to prevent social engineering attacks.
False
T/F? The only means of social engineering is through direct contact between the target and the attacker.
False
What common password character combinations do users tend to use when creating passwords? A. All capital letters B. Passwords that are too long C. Names of family, pets, or teams D. Numbers only
Names of family, pets, or teams
What is a paradox of social engineering attacks? A. An attack can compromise an organization's corporate secrets yet identify the organization's greatest assets. B. People are not only the biggest problem and security risk but also the best tool in defending against an attack. C. A social engineering security breach may actually highlight how unhelpful an organization's employees can be. D. Attacks happen frequently, yet little corporate data is stolen.
People are not only the biggest problem and security risk but also the best tool in defending against an attack.
Which statement describes why social engineering is successful? A. People tend to forgo personal egos to better an organization. B. People have a basic desire to withhold information for personal gain. C. People have a basic desire to be helpful. D. People with a higher status may be coerced into providing information to those of lower status.
People have a basic desire to be helpful.
What activity is most effective for encouraging an awareness of issues such as social engineering and good security habits in employees? A. Wearing ID badges B. Using biometric scanners C. Backing up data D. Providing training
Providing training
Which statement describes the security risk of installing games on an organization's system? A. The games may not be compatible with the operating system version. B. The software may contain a piece of malicious code capable of opening a backdoor. C. The users may play during work hours instead of during breaks. D. The games may take up too much memory on the computer and slow down processing, making it difficult to work.
The software may contain a piece of malicious code capable of opening a backdoor.
Which statement accurately describes how pharming is accomplished? A. The attacker attempts to engage the target in conversation and tries to evoke sympathy so that the target feels sorry for the individual and is more prone to provide information. B. The attacker acts as a custodian and while watering the organization's plants, he places cameras to record keystrokes. C. The attacker gathers prominent bits of information from the organization's recycling/trash. D. The user is directed to a fake web site as a result of modification of local host files, which are used to convert URLs to the appropriate IP address.
The user is directed to a fake web site as a result of modification of local host files, which are used to convert URLs to the appropriate IP address.
T/F? Phishing is the most common form of social engineering attack related to computer security.
True
T/F? Shoulder surfing occurs when the attacker simply looks over the shoulder of a user at work, watching as a coworker enters their password.
True
T/F? Voice communication caller ID systems can be spoofed.
True
Which statement explains why vishing is successful? A. Vishing is successful because people desire to be helpful. B. Vishing is successful because individuals normally seek to avoid confrontation and trouble. C. Vishing is successful because of the trust that individuals place in the telephone system. D. Vishing is successful because people tend to trash information that might be used in a penetration attempt.
Vishing is successful because of the trust that individuals place in the telephone system.