Ethical Hacking CH10

Gabriela receives an email claiming that her bank account information has been lost and that she needs to click a link to update the bank's database. However, she doesn't recognize the bank, because it is not one she does business with. What type of attack is she being presented with? A. Phishing B. Spam C. Whaling D. Vishing

A. Phishing

Training and education of end users can be used to prevent _______ A. Phishing B. Denial of service C. Session hijacking D. Wireshark

A. Phishing

During an annual security training course, Stephan is trainer and he place a call to another employee picked randomly who is not part of the training class. In this call, Stephan state that he work in the help desk department and request their password in order to reset an account he noticed is locked. What risk Stephan demonstrating to training class employees? A. Social engineering B. Weak passwords C. Malware being installed by workers D. Spam emails circulating the office

A. Social engineering

Which of the following would be a very effective source of information as it relates to social engineering? A. Social networking B. Port scanning C. Websites D. Job boards

A. Social networking

Human beings tend to follow set patterns and behaviors known as: A. Repetition B. Human element -habits C. Primacy D. Piggybacking

B. Human element -habits

When talking to a victim, using ___________ can make an attack easier. A. Eye contact B. Keywords C. Jargon D. Threats

B. Keywords

Social engineering preys on many weaknesses, mainly: A. Technology B. People C. Human nature D. Physical

C. Human nature

Which mechanism can be used to influence a targeted individual? A. Means of dress or appearance B. Technological controls C. Physical controls D. Training

A. Means of dress or appearance

The following depicts the adversary conducting what type of action? A. 1st and 2ndPhase of Social Engineering B. Tail gating C. Scanning and enumeration D. Fingerprinting

A. 1st and 2ndPhase of Social Engineering

Social engineering is designed to ___________ A. Manipulate human behavior B. Make people distrustful C. Infect a system D. Gain a physical advantage

A. Manipulate human behavior

What method is used to send spam or malicious content over instant messaging applications? A. Spim B. Spam C. Ham and Cheese (HAC) D. Phishing

A. Spim

Phishing can be mitigated through the use of ____________ A. Spam filtering B. Education C. Antivirus D. Anti-malware

B. Education

Phishing takes place using ____________ . A. Instant messaging B. Email C. Websites D. Piggybacking

B. Email

Social engineering can be used to carry out email campaigns known as: A. Spamming B. Phishing C. Vishing D. Splashing

B. Phishing

What type of attack is the adversary conducting in the following diagram? A.Man-in-the-middle attack B. Shoulder surfing C. Passive reconnaissance D. Foot inactive surveillance

B. Shoulder surfing

What is the best option for thwarting social-engineering attacks? A. Technology B. Training C. Policies D. Physical controls

B. Training

Austin receives notices that he has unauthorized charges on his credit card account. What type of attack is Austin a victim of? A. Social engineering B. Phishing C. Identity theft D. Bad luck

C. Identity theft

Tito notices that he is receiving mail, phone calls, and other requests for information. He has also noticed some problems with his credit checks such as bad debts and loans he did not participate in. What type of attack did Tito become a victim of? A. Social engineering B. Phishing C. Identity theft D. Bad luck

C. Identity theft

An attacker can use which technique to influence a victim? A. Tailgating B. Piggybacking C. Name-dropping D. Acting like tech support

C. Name-dropping

Gage receives an email enticing him to click a link. But when he clicks this link he is taken to a website for his bank, asking him to reset his account information. However, Gage noticed that the bank and the website is not for his bank. What type of attack is this? A. Whaling B. Vishing C. Phishing D. Piggybacking

C. Phishing

As a black box methodology pen tester, Jesse forge an identification badge and dress in clothes associated with a maintenance worker. Jesse attempt to follow other maintenance personnel as they enter the company facility. What Jesse attempting to do? A. Dumps diving B. Social Networking C. Tailgating D. Impersonating

C. Tailgating

A security camera picks up someone who doesn't work at the company following closely behind an employee while they enter the building. What type of attack is taking place? A. Phishing B. Walking C. Gate running D. Tailgating

D. Tailgating

Social engineering can use all the following except: A. Mobile phones B. IM (Instant messages) - Text message C. Trojan horses D. Viruses

D. Viruses