701 Module 9 Knowledge Check
Examples of a social-engineering attack are ping attacks, network scanning, and impersonation. TRUE/FALSE
FALSE
It is very easy to detect social-engineering attempts. TRUE/FALSE
FALSE
Social engineering attacks on organizations are NOT serious threats and do not cost the organization anything. TRUE/FALSE
FALSE
Social engineering deals with network security issues. TRUE/FALSE
FALSE
There are several defenses against social engineering. TRUE/FALSE
FALSE
Identify the social engineering technique in which the attacker targets a person inside the company online, pretends to be an attractive person, and then begins a fake online relationship to obtain confidential information about the target company.
Honey trap
________ social engineering involves human interaction in one manner or another.
Human-based
________ about social engineering and its effects among the workforce makes the organization an easy target.
Ignorance
Common targets of social engineering in an organization include all of the following EXCEPT: (A) Potential employees (B) System administrators (C) Receptionists and helpdesk personnel (D) Technical support executives
Potential employees
Social engineering is the art of convincing people to reveal ________ to perform some kind of ________. (A) sensitive information/malicious action (B) basic information/civic action (C) passwords/break-in (D) personal information/breach
Sensitive information/malicious action
Educating employees on how to recognize and respond to social-engineering attacks is the best way to help minimize the chances of social-engineering attacks being successful. TRUE/FALSE
TRUE
Lack of security policies is a factor that makes companies vulnerable to social-engineering attacks. TRUE/FALSE
TRUE
Social engineering is effective because people usually believe and trust others and derive fulfillment from helping others in need. TRUE/FALSE
TRUE
Social engineers lure targets to divulge information by promising something for nothing. TRUE/FALSE
TRUE
Some techniques involved in reverse social engineering include sabotage, marketing, and support. TRUE/FALSE
TRUE
The possible methods of extracting information from another human rely on the attacker's ingenuity. TRUE/FALSE
TRUE
With the help of social-engineering tricks, attackers can obtain confidential information, authorization details, and access details of people by deceiving and manipulating them. TRUE/FALSE
TRUE
Prior to performing a social-engineering attack, an attacker gathers information about the target organization from:
Various sources
________ uses specialized social-engineering content directed at a specific employee or small group of employees in a particular organization to obtain sensitive data.
spear-phishing
________ usually implies entry into the building or security area with the consent of an authorized person.
tailgating
The greatest tool of a social engineer is:
Human nature
Insufficient security training makes companies vulnerable to social-engineering attacks. TRUE/FALSE
TRUE
________ social engineering depends on computers and internet systems to carry out the targeted action.
Computer-based
A single security mechanism can be used to protect someone from social-engineering techniques. TRUE/FALSE
FALSE
Despite having security policies in place, attackers can compromise an organization's sensitive information by means of social engineering, as it targets the strengths in people. TRUE/FALSE
FALSE
Social-engineering attacks can cost an organization all of the following EXCEPT: (A) Minimized user awareness (B) Loss of privacy (C) Lawsuits and arbitration (D) Temporary or permanent closure
Minimized user awareness
________ social engineering involves malicious mobile applications with attractive features.
Mobile-based
Social-engineering targets comply with information requests out of a sense of ________.
Moral obligation
Employees typically are NOT aware that they have inadvertently disclosed an organization's critical information. TRUE/FALSE
TRUE
________ is a technique in which an attacker sends an email or provides a link falsely claiming to be from a legitimate site in an attempt to acquire a user's personal or account information.
phishing
Social engineering deals with ________ tricks employed to gain desired information.
psychological
In ________ social engineering, a perpetrator assumes the role of a person in authority and has employees asking him/her for information.
reverse
A ________ is a high-level document or set of documents that describes, in detail, the security controls to implement. It maintains confidentiality, availability, integrity, and asset values.
security policy
Social engineering is categorized into ________ types.
3
Attackers perform ________ social engineering using various malicious programs such as viruses, Trojans, spyware, and software applications.
computer-based
________ is the process of retrieving sensitive personal or organizational information by searching through trash bins.
dumpster diving
________ refers to an unauthorized person listening in on a conversation or reading others' messages.
eavesdropping
The most common human-based social engineering technique is ________, where an attacker pretends to be someone legitimate or an authorized person.
impersonation