CIS2.3.12

Which of the following BEST describes an inside attacker?

An unintentional threat actor. This is the most common threat.

An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?

Authority

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?

Elicitation

Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for a name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?

DNS cache poisoning

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?

Development phase

Which of the following is a common social engineering attack?

Distributing hoax virus information emails

Having a legitimate reason for approaching someone to ask for sensitive information is called what?

Impersonation

Social engineers are master manipulators. Which of the following are tactics they might use?

Moral obligation, ignorance, and threatening

Which of the following are examples of social engineering attacks? (Select three.)

Shoulder surfing Keylogger Impersonation

Any attack involving human interaction of some kind is referred to as what?

Social engineering