Studied by 17 people
Which statement describes how reverse social engineering is accomplished?
An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.
Which statement describes why social engineering is successful?
People have a basic desire to be helpful.
Which statement describes an example of a poor security practice?
An employee creates a strong password and then uses it for all accounts.
A user receives an e-mail warning of a dangerous computer virus and instructing the user to delete files it claims were put there by the virus. However, the files are actually critical system files. Which term describes this scenario?
A hoax
Which statement best explains why vishing is successful?
Vishing is successful because of the trust that individuals place in the telephone system.
Phishing is the most common form of social engineering attack related to computer security. (T/F)
True
Time can be manipulated to drive a sense of ________ and prompt shortcuts that can lead to opportunities for interjection into processes.
urgency
Impersonation can be employed in online attacks. (T/F)
True
An implied future change in availability can create a perception of scarcity. (T/F)
True
Which statement identifies the best defense to prevent information from being obtained in a shoulder surfing attack?
Users should be aware of their surroundings and not allow individuals to get into a position from which they can observe what the user is entering.
Voice communication caller ID systems can be spoofed. (T/F)
True
Which term describes a type of phishing where individuals who are high up in an organization such as the corporate officers are targeted?
whaling
A social engineer uses various deceptive practices to convince the targeted person to divulge information they normally would not divulge or to convince the target of the attack to do something they normally wouldn't do. (T/F)
True
Suppose that an attacker attempts to get credit card numbers using telephone and voice communication technologies. What term is used for this type of attack?
vishing
Which poor security practice is one of the most common and most dangerous?
choosing poor passwords
The tools in a social engineer's toolbox are based on a sophisticated knowledge of software and hardware. (T/F)
False
Which statement describes how shoulder surfing is accomplished?
An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard.
The insider may be much more successful in carrying out a social engineering attack. (T/F)
True
The only means of social engineering is through direct contact between the target and the attacker. (T/F)
False
Which of the following devices is a sophisticated countermeasure to piggybacking?
a man trap
Which term describes an attack that changes URLs in a server's domain name table?
DNS poisoning
Which statement describes how piggybacking is accomplished?
An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.
Which statement accurately describes how pharming is accomplished?
The attacker modifies local host files, which are used to convert URLs to the appropriate IP address, so that the user is directed to a fake website.
Reverse social engineering is easier to execute than social engineering. (T/F)
False
Which statement describes how dumpster diving is accomplished?
An attacker attempts to find little bits of information that could be useful for an attack in a target's trash can.
Note
Flashcard