Question 1

Hoaxes,while a potential nuisance,can not cause any real harm to your data.

Accepted Answer

Hoaxes can potentially cause harm to your data by tricking you into downloading malicious software or giving away sensitive information. It's important to always verify sources before clicking on links or downloading anything.

Question 2

Which of the following is NOT an example of a poor security practice?&#10;A)The user does not follow established security policies or processes.&#10;B)A result of a lack of security policies,procedures or training within the user's organization.&#10;C)An employee does not allow a person he is talking to,to enter a secured area behind him before showing proper credentials.&#10;D)An employee creates on good password and then uses it for all accounts.

Accepted Answer

All the other examples listed are poor security practices, but allowing someone to bypass security measures without proper identification is not a recommended practice.

Question 3

An attacker watches people as they enter a building requiring a key card.He waits until he see someone who appears to be in a rush and has their hands full.He then intercepts the person,makes quick small talk,offers to help them hold what's in their hands while he swipes in,and follows behind.This is an example of

A)Spear phishing
B)Pharming
C)Piggybacking
D)Man trapping

C

Accepted Answer

This is a social engineering technique known as piggybacking, where an attacker gains access to a secure area by following someone who has already been authorized to enter. The attacker takes advantage of the victim's trust, as they believe he is simply being helpful. This is a common physical security threat that can be prevented by ensuring that everyone entering a secure area has their own key card and is not permitted to hold open the door for someone else.

Question 4

When creating a password,users tend to use&#10;A)All capital letters&#10;B)Passwords that are too long&#10;C)Names of family,pets,or teams&#10;D)Numbers only

Accepted Answer

Users often create passwords using personal information such as names of family members, pets, or favorite sports teams because these are easy for them to remember. However, this practice makes passwords more vulnerable to guessing or hacking through social engineering techniques.

Question 5

What are the security risks of installing games on an organization's system?&#10;A)There are no significant risks.&#10;B)Users can't always be sure where the software came from and it may have hidden software inside of it.&#10;C)The users may play during work hours instead of during breaks.&#10;D)The games may take up too much memory on the computer and slow down processing making it difficult to work.

Accepted Answer

Users may unknowingly install games with hidden malware or viruses, which can compromise the security of an organization's system. It is important to ensure that all software installed on an organization's system is from a trusted source and thoroughly scanned for potential threats before installation.

Question 6

Installing unauthorized hardware such as a communication software and modem&#10;A)Is a common practice and does not affect the organization&#10;B)May cause a security breach and allow an intruder to have access to an organization's system by opening up a backdoor&#10;C)Boosts the system so downloading from the Internet will be faster&#10;D)Saves the company from buying a license by using other software

Accepted Answer

Installing unauthorized hardware and software can open up backdoors that intruders can use to access the organization's systems, leading to security breaches. It is a risky practice and should not be encouraged.

Question 7

What is a good first step for companies to take to fight potential social engineering attacks?&#10;A)Buy the latest virus protection software and install on the systems&#10;B)Establish policies and procedures dictating the roles and responsibilities all users,as well as security administrators&#10;C)Monitor all phone calls&#10;D)Conduct background checks on all contractors,consultants,delivery persons,and partners that may have access to the facilities

Accepted Answer

Establishing policies and procedures dictating the roles and responsibilities of all users, as well as security administrators, can help ensure that everyone is aware of the risks of social engineering attacks and how to prevent them. This includes training employees on how to recognize suspicious activity and how to react to it. While virus protection software, monitoring phone calls, and conducting background checks are all valuable security measures, they may be insufficient to protect against social engineering attacks on their own.

Question 8

Spear phishing is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access.

Accepted Answer

Spear phishing is a targeted email attack designed to trick individuals into revealing personal information or credentials, not primarily about redirecting users to bogus websites.

Question 9

Attackers need a certain amount of information before launching their attack.One common place to find information is to go through the trash of the target to find information that could be useful to the attacker.This process of going through a target's trash is known in the community as

A)Trash rummaging
B)Garbage surfing
C)Piggy diving
D)Dumpster diving

Accepted Answer

Dumpster diving is the commonly used term in the security community for going through a target's trash in order to find potentially useful information for an attack. There is no such thing as trash rummaging or piggy diving, and while garbage surfing may exist as a term in some contexts, it is not commonly used in the context of security attacks.

Question 10

Social engineers attempt to convince authorized individuals to provide confidential information or access to an unauthorized individual.

Accepted Answer

Social engineering involves psychological manipulation to trick people into divulging confidential information or providing access to systems or areas they shouldn't. The individuals targeted in the social engineering attack are usually authorized to grant access or access the confidential information, but the attacker aims to convince them to do so for malicious purposes.

Question 11

All of the following are characteristics of a strong password EXCEPT:&#10;A)Contains numbers and letters&#10;B)Contains at least eight characters&#10;C)Contains an uncommon dictionary word&#10;D)Contains special characters,i.e. ,*%$#@

Accepted Answer

The answer of All of the following are characteristics of...

Question 12

When an attacker attempts to get credit card numbers using telephone and voice technologies,it's called&#10;A)Vishing&#10;B)Telephishing&#10;C)Phreaking&#10;D)Voicing

Accepted Answer

The answer of When an attacker attempts to get credit...

Question 13

The only means of social engineering is through direct contact between the target and the attacker.

Accepted Answer

The answer of The only means of social engineering is...

Question 14

Which of the following is the weakest password?&#10;A)I@w3us1@!&#10;B)P@$$w0rd&#10;C)C#as%t*1ng&#10;D)H#e31L9pM3 Even though the password has eight characters,uppercase,lowercase,and special characters,it spells a common word and may be one of the words in a password cracking dictionary.

Accepted Answer

The answer of Which of the following is the weakest...

Question 15

Phishing is the most common form of social engineering attack related to computer security.

Accepted Answer

The answer of Phishing is the most common form of...

Question 16

All of the following are techniques used by a social engineer EXCEPT:&#10;A)An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number.&#10;B)An attacker calls up the IT department posing as an employee and requests a password reset.&#10;C)An attacker runs a brute force attack on a password.&#10;D)An attacker sends a forged e-mail with a link to a bogus web site that has been set to obtain personal information.

Accepted Answer

The answer of All of the following are techniques used...

Question 17

Users on your network receive an e-mail warning them of a dangerous computer virus.It instructs the user to delete files it claims were put there by the virus,but they are actually critical system files.This is an example of

A)Social engineering
B)Reverse social engineering
C)A hoax
D)Phishing

Accepted Answer

The answer of Users on your network receive an e-mail...

Question 18

A person parks his car by an ATM,sets up a small camera discreetly pointed at ATM keypad,and then pretends to be going through bank papers in his car.This would be an example of&#10;A)Piggybacking&#10;B)Shoulder surfing&#10;C)Phishing&#10;D)Social engineering

Accepted Answer

The answer of A person parks his car by an...

Question 19

When and attacker tries to convince the target to initiate contact and then gets the target to give up confidential information,this is known as&#10;A)Social engineering&#10;B)Reverse social engineering&#10;C)Piggybacking&#10;D)Flim flam

Accepted Answer

The answer of When and attacker tries to convince the...

Question 20

Social engineers attempt to exploit the natural tendencies of people.They do this by&#10;A)First trying to evoke sympathy;if this fails,then by fear of confrontation&#10;B)First trying to evoke fear of confrontation and then by sympathy&#10;C)First trying to guess passwords and then use a password cracker&#10;D)First trying to evoke passion and then fear

Accepted Answer

The answer of Social engineers attempt to exploit the natural...

Question 21

The process of convincing an authorized individual to provide confidential information or access to an unauthorized individual is known as _______________.

Accepted Answer

The answer of The process of convincing an authorized individual...

Question 22

_______________ is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access.

Accepted Answer

The answer of _______________ is when an attacker attempts to...

Question 23

A good security practice is to choose one good password and use it for all of your various accounts.

Accepted Answer

The answer of A good security practice is to choose...

Question 24

A(n)_______________ is an avenue that can be used to access a system while circumventing normal security mechanisms,and can often be used to install additional executable files.

Accepted Answer

The answer of A(n)_______________ is an avenue that can be...

Question 25

Give an example of a hoax and how it might actually be destructive.

Accepted Answer

The answer of Give an example of a hoax and...

Question 26

Your boss saw a TV show that mentioned the term &#34;social engineering.&#34; He wants to know what it is and how it might be used against the company.

Accepted Answer

The answer of Your boss saw a TV show that...

Question 27

_______________ is the simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

Accepted Answer

The answer of _______________ is the simple tactic of following...

Question 28

One of the most effective tools for foiling the efforts of a social engineering attack is an active security awareness program.

Accepted Answer

The answer of One of the most effective tools for...

Question 29

Write a password policy that your company will have to follow to ensure strong passwords.

Accepted Answer

The answer of Write a password policy that your company...

Question 30

The process of going through a target's trash in hopes of finding valuable information that might be used in a penetration attempt is known as _______________.

Accepted Answer

The answer of The process of going through a target's...

Question 31

_______________ is when an e-mail trying to get sensitive information is sent to a group that has something in common,making the attack seem more personal.

Accepted Answer

The answer of _______________ is when an e-mail trying to...

Question 32

Your boss wants you to give him some suggestions for a policy stating what the individual user responsibilities for information security should be.Create a bulleted list of those responsibilities.

Accepted Answer

The answer of Your boss wants you to give him...

Question 33

An attacker posts a flier offering services to clean computers of a virus that is sweeping the Internet,speeding them up as a result.A person concerned that he may have the virus because his computer was running slow,calls the attacker,asking for help.This is an example of ___________________.

Accepted Answer

The answer of An attacker posts a flier offering services...

Question 34

Shoulder surfing is when a person looks over the shoulder of another person while typing pins or passwords.

Accepted Answer

The answer of Shoulder surfing is when a person looks...

Question 35

Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view.

Accepted Answer

The answer of Leaving sensitive information in a car is...

Question 36

When an attacker attempts to get sensitive information from a target using voice communication technology,it is called _______________.

Accepted Answer

The answer of When an attacker attempts to get sensitive...

Question 37

What are the dangers of non-employees having physical access? Give examples.

Accepted Answer

The answer of What are the dangers of non-employees having...

Question 38

Dumpster diving is when a hacker gains access to a computer and tries to recover files from the recycle bin in the hopes of finding privileged information.

Accepted Answer

The answer of Dumpster diving is when a hacker gains...

Question 39

_______________ is a type of social engineering in which the attacker attempts to obtain sensitive information from a user by masquerading as a trusted entity in an e-mail or instant message sent to a large group of (often)random users.

Accepted Answer

The answer of _______________ is a type of social engineering...

Question 40

When an attacker tries to position himself behind a user so that he can see what keys are being typed or what information is on the screen is called _______________

Accepted Answer

The answer of When an attacker tries to position himself...

Deck 4: The Role of People in Security