701 Module 9 Knowledge Check

Examples of a social-engineering attack are ping attacks, network scanning, and impersonation. TRUE/FALSE

FALSE

It is very easy to detect social-engineering attempts. TRUE/FALSE

FALSE

Social engineering attacks on organizations are NOT serious threats and do not cost the organization anything. TRUE/FALSE

FALSE

Social engineering deals with network security issues. TRUE/FALSE

FALSE

There are several defenses against social engineering. TRUE/FALSE

FALSE

Identify the social engineering technique in which the attacker targets a person inside the company online, pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company?

Honey trap

_______ social engineering involves human interaction in one manner or another.

Human-based

________ about social engineering and its effects among the workforce makes the organization an easy target.

Ignorance

Common targets of social engineering in an organization include all of the following EXCEPT: A Potential employees B System administrators C Receptionists and helpdesk personnel D Technical support executives

Potential employees

Social engineering is the art of convincing people to reveal ________ to perform some kind of ________. A sensitive information/malicious action B basic information/civic action C passwords/break-in D personal information/breach

Sensitive information/malicious action

Educating employees on how to recognize and respond to social-engineering attacks is the best way to help minimize the chances of social-engineering attacks being successful. TRUE/FALSE

TRUE

Lack of security policies is a factor that makes companies vulnerable to social-engineering attacks. TRUE/FALSE

TRUE

Social engineering is effective because people usually believe and trust others and derive fulfillment from helping others in need. TRUE/FALSE

TRUE

Social engineers lure targets to divulge information by promising something for nothing. TRUE/FALSE

TRUE

Some techniques involved in reverse social engineering include sabotage, marketing, and support. TRUE/FALSE

TRUE

The possible methods of extracting information from another human rely on the attacker's ingenuity. TRUE/FALSE

TRUE

With the help of social-engineering tricks, attackers can obtain confidential information, authorization details, and access details of people by deceiving and manipulating them. TRUE/FALSE

TRUE

Prior to performing a social-engineering attack, an attacker gathers information about the target organization from:

Various sources

________ uses specialized social-engineering content directed at a specific employee or small group of employees in a particular organization to obtain sensitive data.

spear-phishing

________ usually implies entry into the building or security area with consent of an authorized person.

tailgating

The greatest tool of a social engineer is:

Human nature

Insufficient security training makes companies vulnerable to social-engineering attacks. TRUE/FALSE

TRUE

______ social engineering depends on computers and internet systems to carry out the targeted action.

Computer-based

A single security mechanism can be used to protect someone from social-engineering techniques. TRUE/FALSE

FALSE

Despite having security policies in place, attackers can compromise an organization's sensitive information by means of social engineering, as it targets the strengths in people. TRUE/FALSE

FALSE

Social-engineering attacks can cost an organization all of the following EXCEPT: A Minimized user awareness B Loss of privacy C Lawsuits and arbitration D Temporary or permanent closure

Minimized user awareness

________ social engineering involves malicious mobile applications with attractive features.

Mobile-based

Social-engineering targets comply with information requests out of a sense of ________.

Moral obligation

Employees typically are NOT aware that they have inadvertently disclosed an organization's critical information. TRUE/FALSE

TRUE

________ is a technique in which an attacker sends an email or provides a link falsely claiming to be from a legitimate site in an attempt to acquire a user's personal or account information.

phishing

Social engineering deals with ________ tricks employed to gain desired information.

psychological

In ________ social engineering, a perpetrator assumes the role of a person in authority and has employees asking him/her for information.

reverse

A ________ is a high-level document or set of documents that describes, in detail, the security controls to implement. It maintains confidentiality, availability, integrity, and asset values.

security policy

Social engineering is categorized into ________ types.

3

Attackers perform ________ social engineering using various malicious programs such as viruses, Trojans, spyware, and software applications.

computer-based

_______ is the process of retrieving sensitive personal or organizational information by searching through trash bins.

dumpster diving

________ refers to an unauthorized person listening in on a conversation or reading others' messages.

eavesdropping

The most common human-based social engineering technique is ________, where an attacker pretends to be someone legitimate or an authorized person.

impersonation