Security Pro 2.3.12 Section Quiz
Which of the following BEST describes an inside attacker?
- A good guy who tries to help a company see their vulnerabilities.
- An unintentional threat actor. This is the most common threat.
- An agent who uses their technical knowledge to bypass security.
- An attacker with lots of resources and money at their disposal.
An unintentional threat actor. This is the most common threat.
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
- Preloading
- Impersonation
- Elicitation
- Interrogation
Elicitation
An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?
- Authority
- Persuasive
- Social validation
- Commitment
Authority
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for a name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
- Feigning ignorance
- Social networking
- DNS cache poisoning
- Host file modification
DNS cache poisoning
Which of the following is a common social engineering attack?
- Distributing false information about an organization's financial status
- Logging on with stolen credentials
- Distributing hoax virus-information emails
- Using a sniffer to capture network traffic
Distributing hoax virus-information emails
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
- Elicitation phase
- Development phase
- Research phase
- Exploitation phase
Development phase
Having a legitimate reason for approaching someone to ask for sensitive information is called what?
- Impersonation
- Preloading
- Pretexting
- Footprinting
Impersonation
Social engineers are master manipulators. Which of the following are tactics they might use?
- Keylogging, shoulder surfing, and moral obligation
- Moral obligation, ignorance, and threatening
- Shoulder surfing, eavesdropping, and keylogging
- Eavesdropping, ignorance, and threatening
Moral obligation, ignorance, and threatening
Which of the following are examples of social engineering attacks? (Select three.)
- War dialing
- Impersonation
- Keylogging
- Port scanning
- Shoulder surfing
Shoulder surfing, Impersonation, Keylogging
Any attack involving human interaction of some kind is referred to as what?
- Attacker manipulation
- An opportunistic attack
- A white hat hacker
- Social engineering
Social engineering