Pentest+ Practice Exam Chapter 6 Social Engineering (Jonathan Ammerman) Flashcards
Which motivation technique attempts to leverage a person’s respect for leadership in legal, organizational, or social contexts to gain access to property or controlled information?
A. Social proof
B. Authority
C. Likeability
D. Fear
B. Authority
Explanation:
The use of authority as a motivational technique relies on the abuse of people’s trust for legal, organizational, and social leadership figures in order to gain access to secured locations or controlled information.
Which of the following social engineering attacks is an example of waterholing?
A. Seeding a parking lot with USB thumb drives containing a malicious Excel spreadsheet titled “Quarterly Bonuses”
B. Digging through a company’s trash before collection in an attempt to find sensitive information that has been thrown out rather than shredded and destroyed properly
C. Embedding an XSS payload on an intranet site that is widely used within the organization for incident management and reporting
D. Asking subtly probing questions about the guard rotation at a security checkpoint
C. Embedding an XSS payload on an intranet site that is widely used within the organization for incident management and reporting
Explanation:
The use of an internally trusted site to house a malicious payload is an example of waterholing
Which social engineering attack vector may broadly be considered a remote attempt to elicit information or a desired action, but also necessarily includes technical components such as spam, web filter, and firewall evaluation? A. Shoulder surfing B. Phishing C. Scarcity D. Interrogation
B. Phishing
Explanation:
Of the choices given, the description provided best defines the term “phishing.” Phishing, which may be conducted through e-mail or phone lines, tests not only
Location: 4722
the target’s awareness of security threats but also technical defenses such as spam filters and firewalls.
The tool shown in the following illustration is a Python-based, text-only framework used for various social engineering attacks, such as e-mail phishing and website-based attacks. What is it called? A. SET B. BeEF C. GoPhish D. Maltego
A. SET
Explanation:
The tool described and pictured is SET—the Social Engineering Toolkit. Written by Dave Kennedy, SET is a robust framework capable of handling payload generation, malicious website creation and hosting, and mass e-mailing.
The tool shown next is a Ruby-based framework focused on penetration testing and social engineering attacks that specifically target web browsers. What is it called? A. GoPhish B. BeEF C. Maltego D. SET
B. BeEF
Explanation:
The tool described and shown is BeEF. Short for Browser Exploitation Framework, BeEF is a Ruby-based framework developed by The BeEF Project, designed to assist penetration tests by focusing on client-side attack vectors.
Refer to the following scenario for the following five questions: You have been contracted for a penetration test of a small IT support company (approximately 50 people). A chief component of the assessment is focused on the security mindfulness of its employees, and includes a physical penetration test. You begin by waiting until late at night and stealing trash bags…
Location: 4551
other sensitive information. You are also asked to run a phishing campaign and are given a selection of individuals who may be specifically targeted. When executing the campaign, you elect to use a text-based framework that can generate payloads, create malicious files, and send e-mails as directed. During the physical penetration test phase, you are not only able to breach the perimeter while posing as a fire marshal on site to inspect sprinkler systems, but are able to identify an employee’s username and password by glancing over their shoulder as they type.
The opening action of stealing trash to look for sensitive information that may be of use during a pentest is an example of what?
A.Interrogation
B.Dumpster diving
C.Waterholing
D.Phishing
B.Dumpster diving
Explanation:
The theft of company garbage for the purpose of sifting through it for sensitive or valuable information is an example of dumpster diving.
In what document would you look to confirm the names and e-mail addresses that have been explicitly approved for targeting during the penetration test?
A. Rules of engagement (RoE) +
B. Master service agreement (MSA)
C. Pre-engagement survey
D. Nondisclosure agreement
A. Rules of engagement (RoE)
Explanation:
The names and e-mail addresses approved for targeting would be expected to be detailed in the rules of engagement for the assessment.
Of the following options, which tool was most likely used to run the phishing campaign?
A. BeEF
B. Maltego
C. exim4
D. SET
D. SET
Explanation:
The tool best described by the scenario is SET, the Social Engineering Toolkit. SET is a robust framework capable of handling payload generation, malicious website creation and hosting, and mass e-mailing.
In the scenario, you decide to pose as a fire marshal with a lawful reason to be on the company’s property. The creation of this persona and their reason for being on site is an example of what? A. Urgency B. Pretexting C. Waterholing D. Interrogation
B. Pretexting
Explanation:
The crafting of a persona that is assumed during a social engineering effort, whether in person, over the phone, or via e-mail, is pretexting. It revolves around creating a reason—a pretext—for the penetration tester to be in a given place, or a reason for asking for something.
While on site, you were able to identify a valid username and password using what social engineering technique? A. Baiting B. Shoulder surfing C. Interrogation D. Waterholing
B. Shoulder surfing
Explanation:
Observing a valid username and password as they were being entered is an example of shoulder surfing
Refer to the following scenario for the next five questions: You have been contracted for a penetration test of a large multinational company. As part of this engagement, they have requested that you attempt social engineering attacks on their employees. You are told that you may target any employees you wish, but that the client would like to see your target list before you execute the attack—and that they will not be providing any target e-mail addresses prior to your campaign. During your research, you identify several hundred e-mail addresses for employees of the organization, including several who are listed as members of a team that designs consumer-grade appliances, some who identify themselves as systems administrators, and a handful of corporate-level executive personnel. For your phishing attacks, you elect to create a landing page mimicking a commonly used web application and generate a payload that will compromise the user’s web browser, from which you can launch further attacks against the client’s network.
- Given the lack of information provided by the client about potential social engineering targets, which of the following tools would be the most time-efficient way to begin casing the target to identify critical information, automating tasks such as collecting names of personnel or the corporate e-mail address schema?
A. OSINT Framework
B. SET
C. theharvester
D. BeEF
C. theharvester
Explanation:
The ability to identify hosts, IP addresses, and e-mail addresses based on nothing more than a domain name means theharvester can be exceedingly valuable in penetration tests where the tester is provided little or no information. The relative ease of use means Internet-based resources can be picked over for information with a minimal amount of effort, making it a more efficient starting point for information collection.
The request that the organization be allowed to see your list of targets before executing a phishing campaign would most likely be detailed in which document?
A. Master service agreement (MSA)
B. Nondisclosure agreement (NDA)
C. Rules of engagement (RoE)
D. Written authorization letter
C. Rules of engagement (RoE)
Explanation:
A client request to see the list of targets identified before the execution of a phishing campaign would be expected to be detailed in the rules of engagement for a given assessment
You elect to craft a specific phishing e-mail for the team that designs consumer-grade appliances alone. What is this an example of? A. Vishing B. Baiting C. Waterholing D. Spear phishing
D. Spear phishing
Explanation:
Targeting this specific team would be an example of spear phishing, as the penetration tester is specifically targeting a certain subsection of employees of the client organization.
You craft another set of phishing e-mails for this campaign: one targeting the system administrators, and another targeting the corporate personnel. What is this an example of? A. Whaling B. Waterholing C. Baiting D. Pretexting
A. Whaling
Explanation:
Given the damage potential of compromising the workstations and personal accounts of company systems administrators and executive-level corporate personnel, this would be an example of whaling.
Which of the following tools would be best suited to compromising end-user web browsers, allowing you to use them to execute further attacks against the client network? A. SET B. Maltego C. BeEF D. exim4
C. BeEF
Explanation:
BeEF—the Browser Exploitation Framework—would be the best tool for the compromise and further exploitation of end-user web browsers, as it was designed from the ground up specifically for the task.
