Ethical Hacking CH10
Gabriela receives an email claiming that her bank account information has been lost and that she needs to click a link to update the bank's database. However, she doesn't recognize the bank, because it is not one she does business with. What type of attack is she being presented with? A. Phishing B. Spam C. Whaling D. Vishing
A. Phishing
Training and education of end users can be used to prevent _______ A. Phishing B. Denial of service C. Session hijacking D. Wireshark
A. Phishing
During an annual security training course, Stephan is the trainer, and he places a call to another employee, picked at random, who is not part of the training class. In this call, Stephan states that he works in the help desk department and requests their password in order to reset an account he noticed is locked. What risk is Stephan demonstrating to the training class employees? A. Social engineering B. Weak passwords C. Malware being installed by workers D. Spam emails circulating the office
A. Social engineering
Which of the following would be a very effective source of information as it relates to social engineering? A. Social networking B. Port scanning C. Websites D. Job boards
A. Social networking
Human beings tend to follow set patterns and behaviors known as: A. Repetition B. Human element - habits C. Primacy D. Piggybacking
B. Human element - habits
When talking to a victim, using ___________ can make an attack easier. A. Eye contact B. Keywords C. Jargon D. Threats
B. Keywords
Social engineering preys on many weaknesses, mainly: A. Technology B. People C. Human nature D. Physical
C. Human nature
Which mechanism can be used to influence a targeted individual? A. Means of dress or appearance B. Technological controls C. Physical controls D. Training
A. Means of dress or appearance
The following depicts the adversary conducting what type of action? A. 1st and 2nd Phase of Social Engineering B. Tailgating C. Scanning and enumeration D. Fingerprinting
A. 1st and 2nd Phase of Social Engineering
Social engineering is designed to ___________ A. Manipulate human behavior B. Make people distrustful C. Infect a system D. Gain a physical advantage
A. Manipulate human behavior
What method is used to send spam or malicious content over instant messaging applications? A. Spim B. Spam C. Ham and Cheese (HAC) D. Phishing
A. Spim
Phishing can be mitigated through the use of ____________ A. Spam filtering B. Education C. Antivirus D. Anti-malware
B. Education
Phishing takes place using ____________. A. Instant messaging B. Email C. Websites D. Piggybacking
B. Email
Social engineering can be used to carry out email campaigns known as: A. Spamming B. Phishing C. Vishing D. Splashing
B. Phishing
What type of attack is the adversary conducting in the following diagram? A. Man-in-the-middle attack B. Shoulder surfing C. Passive reconnaissance D. Foot inactive surveillance
B. Shoulder surfing
What is the best option for thwarting social-engineering attacks? A. Technology B. Training C. Policies D. Physical controls
B. Training
Austin receives notices that he has unauthorized charges on his credit card account. What type of attack is Austin a victim of? A. Social engineering B. Phishing C. Identity theft D. Bad luck
C. Identity theft
Tito notices that he is receiving mail, phone calls, and other requests for information. He has also noticed some problems with his credit checks such as bad debts and loans he did not participate in. What type of attack did Tito become a victim of? A. Social engineering B. Phishing C. Identity theft D. Bad luck
C. Identity theft
An attacker can use which technique to influence a victim? A. Tailgating B. Piggybacking C. Name-dropping D. Acting like tech support
C. Name-dropping
Gage receives an email enticing him to click a link. When he clicks the link, he is taken to a website for his bank, asking him to reset his account information. However, Gage notices that the bank and the website are not for his bank. What type of attack is this? A. Whaling B. Vishing C. Phishing D. Piggybacking
C. Phishing
As a black box methodology pen tester, Jesse forges an identification badge and dresses in clothes associated with a maintenance worker. Jesse attempts to follow other maintenance personnel as they enter the company facility. What is Jesse attempting to do? A. Dumpster diving B. Social networking C. Tailgating D. Impersonating
C. Tailgating
A security camera picks up someone who doesn't work at the company following closely behind an employee while they enter the building. What type of attack is taking place? A. Phishing B. Walking C. Gate running D. Tailgating
D. Tailgating
Social engineering can use all the following except: A. Mobile phones B. IM (Instant messages) - Text message C. Trojan horses D. Viruses
D. Viruses