2.3.12
Which of the following BEST describes an inside attacker? -An unintentional threat actor. This is the most common threat. -An attacker with lots of resources and money at their disposal. -A good guy who tries to help a company see their vulnerabilities. -An agent who uses their technical knowledge to bypass security.
An unintentional threat actor. This is the most common threat.
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique? -Elicitation -Interrogation -Impersonation -Preloading
Elicitation
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for a name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack? -DNS cache poisoning -Feigning ignorance -Host file modification -Social networking
DNS cache poisoning
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in? -Development phase -Research phase -Exploitation phase -Elicitation phase
Development phase
Which of the following is a common social engineering attack? -Distributing hoax virus-information emails -Logging on with stolen credentials -Distributing false information about an organization's financial status -Using a sniffer to capture network traffic
Distributing hoax virus-information emails
Having a legitimate reason for approaching someone to ask for sensitive information is called what? -Preloading -Impersonation -Footprinting -Pretexting
Impersonation
Social engineers are master manipulators. Which of the following are tactics they might use? -Eavesdropping, ignorance, and threatening -Keylogging, shoulder surfing, and moral obligation -Shoulder surfing, eavesdropping, and keylogging -Moral obligation, ignorance, and threatening
Moral obligation, ignorance, and threatening
Any attack involving human interaction of some kind is referred to as what? -Social engineering -A white hat hacker -An opportunistic attack -Attacker manipulation
Social engineering
An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? -Authority -Persuasive -Social validation -Commitment
Authority
Which of the following are examples of social engineering attacks? (Select three.) -Port scanning -Shoulder surfing -Keylogging -Impersonation -War dialing
Shoulder surfing, Keylogging, Impersonation