Module 4˸ Social Engineering

Which of the following statements is NOT true regarding effective measures to defend against social engineering attacks?

A good security policy can prevent people from being socially engineered.

What are the costs for a business when a user is tricked into downloading malware?

Business availability Business credibility

When an unauthorized person closely follows an authorized person into a secured area, the unauthorized person is using which technique?

Tailgating

What social engineering technique includes interception of any form of communication, including audio, video, or written?

Eavesdropping

Measures that must be taken to prevent the misuse of sensitive data would be part of which social engineering countermeasure?

Operational Guidelines

Which type of social engineering threat is accomplished through the use of intimidation, persuasion, ingratiation, or assistance?

Personal Approaches

When an attacker sends an e-mail or provides a link falsely claiming to be from a legitimate site in an attempt to acquire a user's personal or account information, the attacker is using which feature or technique?

Phishing

Which human-based social engineering technique involves an attacker masquerading as a hardware vendor?

Posing as Technical Support

Which type of social engineering compels someone to do what everyone else is doing?

Social Validation

What is the process of gaining information from people, often through deception, for the purpose of finding out about an organization's computer resources called?

Social engineering