12.4.6 Practice Questions Test Out
Match each social engineering description on the left with the appropriate attack type on the right.
Attack types:
1. Phishing
2. Whaling
3. Spear phishing
4. Dumpster diving
5. Piggybacking
6. Vishing
Descriptions (numbered to match the attack type above):
1. An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information.
2. An attacker gathers personal information about the target individual, who is a CEO.
3. An attacker gathers personal information about the target individual in an organization.
4. An attacker searches through an organization's trash for sensitive information.
5. An attacker enters a secure building by following an authorized employee through a secure door without providing identification.
6. An attacker uses a telephone to convince target individuals to reveal their credit card information.
An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. Which type of social engineering is this individual engaging in?
Authority
What is the primary countermeasure to social engineering?
Awareness
On your way into the back entrance of your work building one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do?
Direct him to the front entrance and instruct him to check in with the receptionist.
Dumpster diving is a low-tech way of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?
Establish and enforce a document destruction policy.
Which of the following is a common social engineering attack?
Hoax virus information emails.
Which of the following are examples of social engineering attacks? (Select two.)
Shoulder surfing
Dumpster diving
What is the definition of any attack involving human interaction of some kind?
Social engineering
You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need to enter your username and password in a new website so you can manage your email and spam using the new service. What should you do?
Verify that the email was sent by the administrator and that this new service is legitimate.
A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of attack BEST describes the scenario?
Whaling