*Chapter 04 Quiz (ITN260) - The Role of People in Security

Which statement describes how reverse social engineering is accomplished?

An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.

Which statement describes why social engineering is successful?

People have a basic desire to be helpful.

Which statement describes an example of a poor security practice?

An employee creates a strong password and then uses it for all accounts.

A user receives an e-mail warning of a dangerous computer virus and instructing the user to delete files it claims were put there by the virus. However, the files are actually critical system files. Which term describes this scenario?

A hoax

Which statement best explains why vishing is successful?

Vishing is successful because of the trust that individuals place in the telephone system.

Phishing is the most common form of social engineering attack related to computer security. (T/F)

True

Time can be manipulated to drive a sense of ________ and prompt shortcuts that can lead to opportunities for interjection into processes.

urgency

Impersonation can be employed in online attacks. (T/F)

True

An implied future change in availability can create a perception of scarcity. (T/F)

True

Which statement identifies the best defense to prevent information from being obtained in a shoulder surfing attack?

Users should be aware of their surroundings and not allow individuals to get into a position from which they can observe what the user is entering.

Voice communication caller ID systems can be spoofed. (T/F)

True

Which term describes a type of phishing where individuals who are high up in an organization such as the corporate officers are targeted?

whaling

A social engineer uses various deceptive practices to convince the targeted person to divulge information they normally would not divulge or to convince the target of the attack to do something they normally wouldn't do. (T/F)

True

Suppose that an attacker attempts to get credit card numbers using telephone and voice communication technologies. What term is used for this type of attack?

vishing

Which poor security practice is one of the most common and most dangerous?

choosing poor passwords

The tools in a social engineer's toolbox are based on a sophisticated knowledge of software and hardware. (T/F)

False

Which statement describes how shoulder surfing is accomplished?

An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard.

The insider may be much more successful in carrying out a social engineering attack. (T/F)

True

The only means of social engineering is through direct contact between the target and the attacker. (T/F)

False

Which of the following devices is a sophisticated countermeasure to piggybacking?

a man trap

Which term describes an attack that changes URLs in a server's domain name table?

DNS poisoning

Which statement describes how piggybacking is accomplished?

An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

Which statement accurately describes how pharming is accomplished?

The attacker modifies local host files, which are used to convert URLs to the appropriate IP address, so that the user is directed to a fake website.

Reverse social engineering is easier to execute than social engineering. (T/F)

False

Which statement describes how dumpster diving is accomplished?

An attacker attempts to find little bits of information that could be useful for an attack in a target's trash can.