4.6.6

Ace your homework & exams now with Quizwiz!

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?

Authority

What is the primary countermeasure to social engineering?

Awareness

How can an organization help prevent social engineering attacks? (Select two.)

Educate employees on the risks and countermeasures, Publish and enforce clearly-written security polices

Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy

Which of the following is a common form of social engineering attack?

Hoax virus information e-mails.

What is the primary difference between impersonation and masquerading?

One is more active, the other is more passive

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?

Phishing

By definition, which type of social engineering attack uses of a fictitious scenario to persuade someone to give information for which they are not authorized?

Pretexting

Dictionary attacks are often more successful when performed after what reconnaissance action?

Social engineering

Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?

Social validation

You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service. What should you do?

Verify that the e-mail was sent by the administrator and that this new service is legitimate.

You've got just received an e-mail messages that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. What should your first action based on the message be?

Verify the information on well-known malicious code threat management Web sites.

Which of the following social engineering attacks are use Voice over IP (VoIP) to gain sensitive information?

Vishing

A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. What type of an attack best describes the scenario?

Whaling

Match the social engineering description on the left with the appropriate attack type on the right.

*Phishing * An attacker sends an email pretending to be from a trusted organization, asking users to access a web site to verify personal information. *Whaling* An attacker gathers personal information about the target individual, who is a CEO. *Spear phishing* An attacker gathers personal information about the target individual in an organization. *Dumpster diving* An attacker searches through an organization's trash looking for sensitive information. *Piggybacking* An attacker enters a secured building by following an authorized employee through a secure door without providing identification. *Vishing* An attacker uses a telephone to convince target individuals to reveal their credit card information.


Related study sets

Chapter 7, part2-Social Security Benefits and Taxation

View Set

Chapter 1: Environment and Theoretical Structure of Financial Accounting

View Set

Biological psychology Practice Quiz's clo 1

View Set

INTEGRATION PRACTICE QUESTIONS FOR FINAL # 1 IDOLIS

View Set

Concepts Review & Self Study CH 6

View Set

The Cosmic Perspective Fundamentals 2e: CH. 1-11, 12.3, 13.2, 14.1, 14.3

View Set

Prep U- Chapter 45: Management of Patients With Oral and Esophageal Disorders

View Set

Amigos en Guatemala (All Lessons)

View Set

Respiratory System practice questions

View Set