Joseph receives an email linking to amaz0n.com asking him to change his password. What type of attack is this?
Phishing
When you combine phishing with voicemail, it is known as:
Vishing
A remote system attempts SSH logins using admin with many passwords. What type of attack is this?
A brute-force attack
What rule should be used to detect password spraying?
Match repeated use of the same password during failed login attempts for multiple usernames
A fake invoice requesting PayPal payment from an unusual vendor email account. What attack is this?
Business email compromise
Infecting ads on a site frequently visited by targets. What technique is used?
A watering hole attack
What log information is least useful to detect brute-force attacks?
The geographic location of the system being logged into
A caller claims to be a senior leader and pressures Melissa to buy gift cards. What attack is this?
Pretexting
What indicator is most useful to detect password spraying?
The passwords used for failed attempts
Which human vector is primarily associated with nation-state actors?
Misinformation campaigns
Typing www.smazon.com redirects to a fake ad-filled site. What attack is this?
Typosquatting
Malicious tools placed on a primary internal website. What attack is this?
A watering hole attack
Phishing emails pretending to be from familiar companies. What attack is this?
Brand impersonation
Caller pretends to be head of IT and orders firewall disabled. What attack is this?
Impersonation
Which attack relies on text messages?
Smishing
Many different usernames failing with the same password. What attack is this?
Spraying
What should Naomi look for in a smishing report?
Text message-based phishing
How should an organization prevent typosquatting?
Purchase the most common typos for the organization's domain
Fake social media account using company brand to advertise crypto. What attack is this?
Brand impersonation
Nation-state campaigns about U.S. election trustworthiness. What social engineering type is this?
Disinformation
What is the term for the practice of manipulating people through various strategies to accomplish desired actions?
Social engineering.
The social engineering principle that relies on people's tendency to obey someone who appears to be in charge is called _____
Authority.
Which social engineering principle involves scaring or bullying an individual into taking a desired action?
Intimidation.
What social engineering principle leverages the fact that people tend to want to do what others are doing?
Consensus (or social proof).
An attacker creates a limited-time offer to pressure a target into acting quickly. Which social engineering principle is being used?
Scarcity.
An attack that succeeds because the target likes the individual or organization the attacker is pretending to represent is based on the principle of _____
Familiarity.
Which social engineering principle relies on creating a feeling that an action must be taken quickly for a specific reason?
Urgency.
What is the broad term for the fraudulent acquisition of information, such as credentials or credit card numbers, most often done via email?
Phishing.
What is the term for phishing conducted via SMS (text) messages?
Smishing.
What is the term for phishing conducted via telephone or voicemail?
Vishing.
A phishing attack that targets a specific individual or group within an organization is known as _____
Spear phishing.
A phishing attack specifically aimed at senior employees like CEOs and CFOs is called _____
Whaling.
What is a common non-technical defense against all forms of phishing?
Awareness training for staff.
What term describes incorrect information that is often the result of getting facts wrong?
Misinformation.
What term describes incorrect, inaccurate, or false information that is intentionally provided to serve a specific goal?
Disinformation.
What is the term for a social engineering technique that involves pretending to be someone else?
Impersonation.
An attack that relies on using apparently legitimate email addresses to conduct scams, such as sending fake invoices, is known as a _____.
Business Email Compromise (BEC).
What is a less specific term sometimes used for Business Email Compromise (BEC)?
Email Account Compromise (EAC).
What is a key mitigation method for Business Email Compromise (BEC) that verifies user identity?
Multifactor authentication (MFA).
The process of using a made-up scenario to justify why an attacker is approaching an individual is called _____
Pretexting.
Which attack involves compromising websites that a target group is known to frequent?
A watering hole attack.
What type of attack uses emails designed to look like they are from a legitimate, well-known company to trick users?
Brand impersonation (or brand spoofing).
An attacker registers a domain like 'g00gle.com' to trick users who mistype a URL. What is this attack called?
Typosquatting.
What is a simple way for an organization to help prevent typosquatting attacks?
Register the most common typos for their domain name.
Which type of attack redirects users to a malicious site by modifying a system's hosts file or DNS servers?
Pharming.
A _____ attack is a password attack that iterates through many password possibilities until one works
brute-force.
What type of password attack attempts to use a single password or a small set of passwords against many different user accounts?
Password spraying.
What type of brute-force attack uses a list of common words as its input?
A dictionary attack.
What popular open-source password cracking tool includes built-in word lists (dictionaries)?
John the Ripper.
A password attack conducted against a live system is considered an _____ attack
online.
A password attack conducted against a captured password file is considered an _____ attack
offline.
What is an easily searchable database of precomputed hashes used to look up captured password hashes?
A rainbow table.
A _____ is a one-way cryptographic function that takes an input and generates a unique, repeatable output.
hash.
What social engineering principle relies on building a connection with a target so they will take a desired action?
Trust.
Combining phishing with voicemail results in an attack known as _____
vishing.
An attacker attempts to log into one account (e.g., 'admin') with a long list of different passwords. What type of attack is this?
A brute-force attack.
To detect a password spraying attack, a security professional should look for failed login attempts using the same _____ for multiple _____.
password; usernames.
An employee receives an email, seemingly from a vendor, with a fake invoice requesting payment to a new account. This is a classic example of what attack?
Business Email Compromise (BEC).
A penetration tester infects the ads on a website frequently visited by a target company's employees. What is this technique?
A watering hole attack.
A caller claims to be a senior manager and urgently needs an employee to buy gift cards for a last-minute event. This attack combines urgency, authority, and _____.
pretexting.
Which human vector is primarily associated with nation-state actors aiming to sway public opinion?
Misinformation and disinformation campaigns.
A user accidentally types 'smazon.com' and is redirected to a site full of ads. What is this an example of?
Typosquatting.
A penetration tester places malicious tools on a target's main internal company website. This is a form of a _____ attack.
watering hole.
A caller, pretending to be the head of IT, tells a junior employee to disable the firewall. What social engineering attack best describes this?
Impersonation.
Authentication logs showing many different usernames with failed logins, all using the same password, indicate a _____ attack.
spraying.
What type of attack should an investigator look for when they receive a report of smishing?
Text message-based phishing.
A social media account uses a company's logo and name to advertise products the company does not sell. This is an example of what?
Brand impersonation.
Nation-state-driven social media campaigns to influence elections are a primary example of _____.
disinformation.
Social engineering attacks often succeed because they cause the target to _____ to a situation instead of thinking clearly.
react.
The term _____ refers to the use of someone else's identity, typically for financial gain.
identity fraud (or identity theft).
What is the collective term for misinformation, disinformation, and malinformation?
MDM.
What five-step process does CISA recommend to counter misinformation and disinformation campaigns?
The TRUST process (Tell, Ready, Understand, Strategize, Track).
According to password storage best practices, passwords should never be stored directly; instead, a well-constructed password _____ should be used for verification.
hash.
What are two additional pieces of data, known as a salt and a pepper, used for when hashing passwords?
To make it harder to use tools like rainbow tables against the hashed passwords.
Which password attack is often effective if an organization uses a known default password for many accounts?
Password spraying.