4.6.3 Quiz - Social Engineering Attacks

24 Terms

1

What type of threat allows an attacker to obtain the credentials of a bank client by spoofing the login webpage of a financial institution?

  • piggybacking

  • vishing

  • whaling

  • malvertising

  • malvertising

2

What is a watering hole attack?

  • an attack carried out in a phone conversation

  • an attack targeted at high-profile business executives and key individuals in a company

  • an attack that exploits a website that is commonly accessed by members of a targeted organization

  • an attack performed by an unauthorized person who tags along with an authorized person to gain entry to a restricted area

  • an attack that exploits a website that is commonly accessed by members of a targeted organization

3

What is the act of gaining knowledge or information from a victim without directly asking for that particular information?

  • influence

  • elicitation

  • interrogation

  • impersonation

  • elicitation

4

A threat actor has altered the host file for a commonly accessed website on the computer of a victim. Now when the user clicks on the website link, they are redirected to a malicious website. What type of attack has the threat actor accomplished?

  • phishing

  • vishing

  • pharming

  • tailgating

  • pharming

5

Why would a threat actor use the Social-Engineering Toolkit (SET)?

  • to send a spear phishing email

  • to spoof a phone number

  • to manipulate users by leveraging XSS vulnerabilities

  • to practice social engineering elicitation, interrogation, and pretexting skills

  • to send a spear phishing email

6

A salesperson is attempting to convince a customer to buy a product because limited supplies are available. Which social engineering method of influence is being used by the salesperson?

  • social proof

  • authority

  • likeness

  • scarcity

  • scarcity

7

What method of influence is characterized when a celebrity endorses a product on social media?

  • social proof

  • scarcity

  • authority

  • fear

  • social proof

8

Apple is a company constantly working towards making its products and processes more environmentally friendly. Therefore, the Apple brand is associated with ideals and values that customers can relate to and support. What method of influence is being used by Apple?

  • fear

  • scarcity

  • authority

  • likeness

  • likeness

9

A threat actor has sent a phishing email to a victim stating that suspicious activity has been detected on their bank account and that they must immediately click on a provided link to change their password. What method of influence is being used by the threat actor?

  • social proof

  • authority

  • likeness

  • urgency

  • urgency

10

Which social engineering physical attack statement is correct?

  • In the tailgating attack, an unauthorized person tags along with an authorized person to gain entry to a restricted area with the person’s consent.

  • In the piggybacking attack, an unauthorized person tags along with an authorized person to gain entry to a restricted area without the person’s consent.

  • Badge cloning attacks cannot be performed by software.

  • Shoulder surfing can be prevented by using special screen filters for computer displays.

  • Shoulder surfing can be prevented by using special screen filters for computer displays.

11

Which tool provides a threat actor a web console to manipulate users who are victims of cross-site scripting (XSS) attacks?

  • Asterisk

  • SET

  • BeEF

  • Nikto

  • BeEF

12

Which Apple iOS and Android tool can be used to spoof a phone number?

  • SpoofApp

  • Nessus

  • Asterisk

  • BeEF

  • SpoofApp

13

What two physical attacks are mitigated by using access control vestibules? (Choose two.)

  • shoulder surfing

  • dumpster diving

  • tailgating

  • badge cloning

  • piggybacking

  • tailgating

  • piggybacking

14

Which two access control options are commonly used in conjunction with access control vestibules? (Choose two.)

  • proximity card and PIN

  • turnstile

  • security guard

  • toll collector

  • biometric scan

  • proximity card and PIN

  • biometric scan

15

Which resource would mitigate piggybacking and tailgating?

  • security guard

  • camera

  • “no trespassing” warnings

  • badge/card access

  • security guard

16

Which tool can launch social engineering attacks and be integrated with third-party tools and frameworks such as Metasploit?

  • BeEF

  • Nessus

  • SET

  • Asterisk

  • SET

17

Who is the target of a whaling attack?

  • upper managers such as the CEO or key individuals in an organization

  • ordinary users

  • user groups of social networks such as Facebook and Twitter

  • companies that use animals in product testing

  • upper managers such as the CEO or key individuals in an organization

18

What is the purpose of a vishing attack?

  • to create emails and web pages to collect sensitive information from a user

  • to convince a victim on a phone call to disclose private or financial information

  • to use text messages to send malware or malicious links to mobile devices of users

  • to use USB sticks to compromise the systems of victims

  • to convince a victim on a phone call to disclose private or financial information

19

Which Apple iOS and Android tools can spoof a phone number, record calls, and generate different background noises?

  • Nessus

  • Asterisk

  • SpoofCard

  • BeEF

  • SpoofCard

20

A threat actor has sent a text message to a victim stating that they have won bitcoins in a bank contest. To claim their prize, the victim must click the provided link and enter their bank account information. What social engineering attack can be accomplished if the user enters their banking information?

  • vishing

  • SMS phishing

  • whaling

  • watering hole

  • SMS phishing

21

Which tool permits post-exploitation activities, such as Windows reverse VNC DLL and reverse TCP shell?

  • BeEF

  • SET

  • Nessus

  • Nikto

  • SET

22

Which tool can send fake notifications to the browser of a victim?

  • Nexpose

  • BeEF

  • Nikto

  • Asterisk

  • BeEF

23

A new employee is celebrating their position with a large company by posting a picture of their access identification on social media. What kind of physical attack has the new employee unknowingly enabled?

  • watering hole

  • pivot

  • badge cloning

  • shoulder surfing

  • badge cloning

24

A user has found a USB pen drive in the corporate parking lot. What should the user do with this pen drive?

  • throw the pen drive away

  • deliver the pen drive to the security sector of the company

  • plug the pen drive into a computer of the company, try to delete all the files, and use the pen drive for personal use

  • plug the pen drive into a computer of the company, try to access the files to identify who the pen drive belongs to

  • deliver the pen drive to the security sector of the company