Lesson 1: Comparing and Contrasting Different Types of Social Engineering Techniques
Which of the following is true about spear phishing attacks? - They are phishing attempts that are constructed in a very specific way and directly targeted to specific individuals or companies. - They use the Windows Administrative Center - They use Windows PowerShell - They are the same as whaling and phishing attacks.
1
Which of the following recommendations can be used in user security awareness training and education? - Use encryption when possible to protect emails, phone calls, and data. - All of these - Adhere to the organization's clean desk policy, which states that all documents, electronics, personally owned devices, and other items be put away (or locked away) when the user is not at his or her desk, or another work area. - Always screen your email and phone calls carefully and keep a log of events. This is also known as communications vetting.
2
Which of the following best describes the difference between smishing and vishing? - None of these - Vishing is a social engineering attack in which the attacker leaves a voicemail and then persuades the user to reveal sensitive information or perform a given action. Smishing is a type of typo squatting and pharming campaign using short internet messaging systems. - Vishing is a social engineering attack in which the attacker leaves a voicemail and then persuades the user to reveal sensitive information or perform a given action. Smishing is a type of typo squatting and pharming campaign using Bluetooth. - Vishing is a social engineering attack in which the attacker calls the user over the phone and then persuades the user to reveal sensitive information or perform a given action. Smishing is a type of phishing campaign using SMS text messages instead of email.
4
Which of the following is true about social engineering motivation techniques? - Social proof can be used to create a feeling of urgency in a decision-making context. It is possible to use specific language in interaction to present a sense of urgency and manipulate the victim. - Social proof cannot be used in an interrogation because it is illegal. It is not legal to use specific language in interaction to present a sense of urgency and manipulate your victim. - Scarcity cannot be used to create a feeling of urgency in a decision-making context. It is possible to use specific language in interaction to present a sense of urgency and manipulate your victim. - Scarcity can be used to create a feeling of urgency in a decision-making context. It is possible to use specific language in interaction to present a sense of urgency and manipulate the victim.
4
Which of the following best describes pretexting? - social engineering - impersonation - pharming - whaling
Impersonation (Pretexting is the act of impersonating someone else. For example, an attacker could impersonate an employee of a company or a business partner to attempt to steal sensitive data from the victim.)
Which of the following is an example of a tool that can be used specifically to perform social engineering attacks? - SET - The Harvester - Recon-ng - Maltego
SET
A(n) ___ is a small space that can usually fit only one person, used to combat tailgating.
access control vestibule
Which of the following refers to the act of incorporating malicious ads on trusted websites, which results in users' browsers being inadvertently redirected to sites hosting malware? - whaling - malvertising - pharming - active ad exploitation
pharming
An attacker sends a targeted email with a malicious attachment to a user in your company. This attacker researched public information about the user to send a "more personal" and targeted email to the user. Which type of attack is this?
spear phishing
Derek is the CEO of a Fortune 500 company. He received an email with a malicious attachment. Once Derek clicked on the attachment, malware was installed on his system. Which of the following best describes this attack? - whaling - pretexting - smishing - vishing
whaling