Which statement describes how reverse social engineering is accomplished?
An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.
2
Which statement describes why social engineering is successful?
People have a basic desire to be helpful.
3
Which statement describes an example of a poor security practice?
An employee creates a strong password and then uses it for all accounts.
4
A user receives an e-mail warning of a dangerous computer virus and instructing the user to delete files it claims were put there by the virus. However, the files are actually critical system files. Which term describes this scenario?
A hoax
5
Which statement best explains why vishing is successful?
Vishing is successful because of the trust that individuals place in the telephone system.
6
Phishing is the most common form of social engineering attack related to computer security. (T/F)
True
7
Time can be manipulated to drive a sense of ________ and prompt shortcuts that can lead to opportunities for interjection into processes.
urgency
8
Impersonation can be employed in online attacks. (T/F)
True
9
An implied future change in availability can create a perception of scarcity. (T/F)
True
10
Which statement identifies the best defense to prevent information from being obtained in a shoulder surfing attack?
Users should be aware of their surroundings and not allow individuals to get into a position from which they can observe what the user is entering.
11
Voice communication caller ID systems can be spoofed. (T/F)
True
12
Which term describes a type of phishing where individuals who are high up in an organization such as the corporate officers are targeted?
whaling
13
A social engineer uses various deceptive practices to convince the targeted person to divulge information they normally would not divulge or to convince the target of the attack to do something they normally wouldn't do. (T/F)
True
14
Suppose that an attacker attempts to get credit card numbers using telephone and voice communication technologies. What term is used for this type of attack?
vishing
15
Which poor security practice is one of the most common and most dangerous?
choosing poor passwords
16
The tools in a social engineer's toolbox are based on a sophisticated knowledge of software and hardware. (T/F)
False
17
Which statement describes how shoulder surfing is accomplished?
An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard.
18
The insider may be much more successful in carrying out a social engineering attack. (T/F)
True
19
The only means of social engineering is through direct contact between the target and the attacker. (T/F)
False
20
Which of the following devices is a sophisticated countermeasure to piggybacking?
a man trap
21
Which term describes an attack that changes URLs in a server's domain name table?
DNS poisoning
22
Which statement describes how piggybacking is accomplished?
An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.
23
Which statement accurately describes how pharming is accomplished?
The attacker modifies local host files, which are used to convert URLs to the appropriate IP address, so that the user is directed to a fake website.
24
Reverse social engineering is easier to execute than social engineering. (T/F)
False
25
Which statement describes how dumpster diving is accomplished?
An attacker attempts to find little bits of information that could be useful for an attack in a target's trash can.