4.5 Social Engineering

How can an organization help prevent social engineering attacks?

Publish and enforce clearly written security policies AND educate employees on the risks and countermeasures

What is the primary countermeasure to social engineering?

Awareness

Which of the following is a common form of social engineering attack?

Hoax virus information e-mails

Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?

Social validation

By definition, which type of social engineering attack uses a fictitious scenario to persuade to give information for which they are not authorized?

Pretexting

What is the primary difference between impersonation and masquerading?

One is more active, the other is more passive

Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy

A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario?

Whaling

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well knows e-commerce site?

Phishing

Which of the following are examples of social engineering?

Dumpster diving AND Shoulder surfing

Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?

Vishing

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?

Authority

You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you are to go to a website and enter your username and password at a new website so you can manage your email and spam using the new service. What should you do?

Verify that the email was sent by the administrator and that this new service is legitimate

You've just received an email message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat. What should your first action based on this message be?

Verify the information on well-known malicious code threat management Web Sites

Dictionary attacks are often more successful when performed after what reconnaissance action?

Social engineering

4.5 Social Engineering - Subjecto.com

4.5 Social Engineering

Your page rank:

Total word count: 464
Pages: 2

Calculate the Price

- -
275 words
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a Consultant

How can an organization help prevent social engineering attacks?

Publish and enforce clearly written security policies AND educate employees on the risks and countermeasures

What is the primary countermeasure to social engineering?

Awareness

Which of the following is a common form of social engineering attack?

Hoax virus information e-mails

Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?

Social validation

By definition, which type of social engineering attack uses a fictitious scenario to persuade to give information for which they are not authorized?

Pretexting

What is the primary difference between impersonation and masquerading?

One is more active, the other is more passive

Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy

A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn’t know and he is asking for immediate clarification on several of the project’s details so the project can get back on schedule. Which type of an attack best describes the scenario?

Whaling

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well knows e-commerce site?

Phishing

Which of the following are examples of social engineering?

Dumpster diving AND Shoulder surfing

Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?

Vishing

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?

Authority

You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you are to go to a website and enter your username and password at a new website so you can manage your email and spam using the new service. What should you do?

Verify that the email was sent by the administrator and that this new service is legitimate

You’ve just received an email message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat. What should your first action based on this message be?

Verify the information on well-known malicious code threat management Web Sites

Dictionary attacks are often more successful when performed after what reconnaissance action?

Social engineering

Share This
Flashcard

More flashcards like this

NCLEX 10000 Integumentary Disorders

When assessing a client with partial-thickness burns over 60% of the body, which finding should the nurse report immediately? a) ...

Read more

NCLEX 300-NEURO

A client with amyotrophic lateral sclerosis (ALS) tells the nurse, "Sometimes I feel so frustrated. I can’t do anything without ...

Read more

NASM Flashcards

Which of the following is the process of getting oxygen from the environment to the tissues of the body? Diffusion ...

Read more

Unfinished tasks keep piling up?

Let us complete them for you. Quickly and professionally.

Check Price

Successful message
sending