CEH Certified Ethical Hacker Chapter 11
Phishing e-mail attacks have caused severe harm to a company. The security office decides to provide training to all users in phishing prevention. Which of the following are true statements regarding identification of phishing attempts? (Choose all that apply.)
Ensure the e-mail is from a trusted, legitimate e-mail address source. Verify that spelling and grammar are correct. Verify all links before clicking them.
Bob decides to employ social engineering during part of his pen test. He sends an unsolicited e-mail to several users on the network advising them of potential network problems and provides a phone number to call. Later that day, Bob performs a DoS on a network segment and then receives a phone call from users asking for assistance. Which social engineering practice is in play here?
Reverse social engineering
Which of the following is not a method used to control or mitigate against static electricity in a computer room?
Positive pressure
An attacker creates a fake ID badge and waits next to an entry door to a secured facility. An authorized user swipes a key card and opens the door. Jim follows the user inside. Which social engineering attack is in play here?
Tailgating
Your organization installs mantraps in the entranceway. Which of the following attacks is it attempting to protect against?
Tailgating
An attacker has physical access to a building and wants to attain access credentials to the network using nontechnical means. Which of the following social engineering attacks is the best option?
Shoulder surfing
Background checks on employees, risk assessment on devices, and policies regarding key management and storage are examples of ____________ measures within physical security.
Operational
Which threat presents the highest risk to a target network or resource?
A disgruntled employee
Phishing, pop-ups, and IRC channel use are all examples of which type of social engineering attack?
Computer-based
Lighting, locks, fences, and guards are all examples of __________ measures within physical security.
Physical
A man receives a text message on his phone purporting to be from Technical Services. The text advises of a security breach and provides a web link and phone number to follow up on. When the man calls the number, he turns over sensitive information. Which social engineering attack was this?
Smishing
An attacker performs a Whois search against a target organization and discovers the technical point of contact (POC) and site ownership e-mail addresses. He then crafts an e-mail to the owner from the technical POC, with instructions to click a link to see web statistics for the site. Instead, the link goes to a fake site where credentials are stolen. Which attack has taken place?
Spear phishing