3.1.11 - Social Engineering (Practice Questions)

Whaling

An attack that targets senior executives and high-profile victims is referred to as:

Social engineering

Any attack involving human interaction of some kind is referred to as:

Moral obligation, ignorance, and threatening

Social engineers are master manipulators. Which of the following are tactics they might use?

Pretexting

Using a fictitious scenario to persuade someone to perform an action or given information they aren't authorized to share is called:

Shoulder surfing

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?

Elictitation

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?

DNS cache poisoning

Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?

Development phase

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?

A hacker who uses scripts written by much more talented individuals.

Which of the following best describes a script kiddie?

An unintentional threat actor; the most common threat

Which of the following best describes an inside attacker?

Spim

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?

You should not provide any information and forward the call to the help desk.

You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do?