CYBR 4361 (Mod 6 Test)
Given below are the different phases involved in a social engineering attack. 1. Develop a relationship 2. Research the target company 3. Select a target 4. Exploit the relationship Identify the correct sequence of steps involved in a social engineering attack.
2 -> 3 -> 1 -> 4
Which of the following guidelines will NOT be addressed in physical security policies?
Be sure to lock or shut down the computer before stepping away from it
In which of the following attacks does an attacker send an email or message to the target offering free gifts such as money and software on the condition that the user forwards the email to a predetermined number of recipients?
Chain letters
Jim, a notorious hacker, has created a falsified video of a senior journalist using AI. For this purpose, he used the previously recorded audio and video samples of the targeted person and made similar recordings to fool the end users into making them trust him as a legitimate entity. Identify the type of attack performed by Jim in the above scenario.
Deepfake attack
Which of the following types of insiders has the primary intention of taking revenge on the company and keeps waiting for the appropriate time to perform an attack to compromise the organization's resources?
Disgruntled employee
In which of the following social engineering techniques does an attacker trick a delivery person into delivering the consignment to a location other than the intended location?
Diversion theft
Which of the following techniques encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else to hide their identity and escape from creditors or simply become "anonymous"?
Identity cloning and concealment
Which of the following is an appropriate defense strategy to prevent attacks such as piggybacking and tailgating?
Implement strict badge, token or biometric authentication, employee training, and security guards
Which of the following threats is closely related to medical identity theft?
Insurance identity theft
Which of the following indicators implies that an email is legitimate and not a phishing email?
It includes links to HTTPS websites
In which of the following behavioral indicators of an insider threat does the attacker attempt to access unauthorized systems or applications by brute-forcing?
Multiple failed login attempts
Which of the following techniques is used to distribute malicious links via some communication channel such as mails to obtain private information from the victims?
Phishing
Which of the following types of insiders uses their technical knowledge to identify weaknesses and vulnerabilities in the company's network and attempts to sell confidential information to competitors or black-market bidders?
Professional insider
What is the correct order of phases of social engineering attack?
Research on target company -> selecting target -> develop the relationship -> exploit the relationship
Which of the following practices can make employees or users vulnerable to phishing attacks?
Respond to emails requesting sensitive information
Bob, a professional hacker, targeted Ray, a software engineer, to steal his bank-account credentials. He crafted a message stating that Ray's bank account was locked and that Ray needed to click on a link and login to activate it. Ray panicked and clicked the link, revealing his credentials to Bob. Which of the following types of attack did Bob perform on Ray in the above scenario?
SMiShing
Jacob Hacker wants to infect the network of a competitor with a worm virus. He sets the worm to autoexecute and loads 50 copies of the worm onto 50 separate USB drives. He drives to the competitor's campus and drops the USB keys at various locations around the campus. He waits for random employees to pick it up and who might check to see what is on them by plugging them into their computer. Once an employee has inserted the key, the worm autoexecutes and the network is infected. What type of attack is described here?
Social engineering
When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?
Social engineering
Which of the following is a generic exploit designed to perform advanced attacks against human elements to compromise a target to offer sensitive information?
Social-engineer toolkit (SET)
Tony, a software engineer, received an email from his manager instructing him to click on a link and provide his user credentials. Tony was suspicious and contacted his manager through phone. To his surprise, his manager replied that he did not send any such email. Which of the following types of phishing attack was performed on Tony in the above scenario?
Spear phishing
In one of the following types of identity theft, the perpetrator obtains information from different victims to create a new identity by stealing a social security number and uses it with a combination of fake names, date of birth, address, and other details required for creating a new identity. Which is this type of identity theft?
Synthetic identity theft
Which of the following signs is an indication of identity theft?
There is more than one tax return filed under your name
Which of the following activities can lead to identity theft attacks?
Using public Wi-Fi to access sensitive information
Which of the following practices can help individuals protect their online accounts or profiles against identity theft attacks?
Utilize trusted digital wallets that provide high security
While Don, a hacker, was travelling in a bus, he searched for unsecured wireless networks. Once he found an unsecured Wi-Fi network from a laptop, he connected to it secretly and accessed sensitive information that was being transmitted over the unsecured Wi-Fi connections. Which of the following types of attack did Don perform in the above scenario?
Wardriving
