FORMATIVE 4 Flashcards

(25 cards)

1
Q

What type of threat allows an attacker to obtain the credentials of a bank client by spoofing the login webpage of a financial institution?

piggybacking

vishing

whaling

malvertising

A

malvertising

2
Q

What is a watering hole attack?

an attack carried out in a phone conversation

an attack targeted at high-profile business executives and key individuals in a company

an attack that exploits a website that is commonly accessed by members of a targeted organization

an attack performed by an unauthorized person who tags along with an authorized person to gain entry to a restricted area

A

an attack that exploits a website that is commonly accessed by members of a targeted organization

3
Q

What is the act of gaining knowledge or information from a victim without directly asking for that particular information?

influence

elicitation

interrogation

impersonation

A

elicitation

4
Q

A threat actor has altered the host file for a commonly accessed website on the computer of a victim. Now when the user clicks on the website link, they are redirected to a malicious website. What type of attack has the threat actor accomplished?

phishing

vishing

pharming

tailgating

A

pharming

5
Q

Why would a threat actor use the Social-Engineering Toolkit (SET)?

to send a spear phishing email

to spoof a phone number

to manipulate users by leveraging XSS vulnerabilities

to practice social engineering elicitation, interrogation, and pretexting skills

A

to send a spear phishing email

6
Q

Which option is a voice over IP management tool that can be used to impersonate caller ID?

SpoofCard

Asterisk

SpoofApp

Nikto

A

Asterisk

7
Q

A salesperson is attempting to convince a customer to buy a product because limited supplies are available. Which social engineering method of influence is being used by the salesperson?

social proof

authority

likeness

scarcity

A

scarcity

8
Q

What method of influence is characterized when a celebrity endorses a product on social media?

social proof

scarcity

authority

fear

A

social proof

9
Q

Apple is a company constantly working towards making its products and processes more environmentally friendly. Therefore, the Apple brand is associated with ideals and values that customers can relate to and support. What method of influence is being used by Apple?

fear

scarcity

authority

likeness

A

likeness

10
Q

A threat actor has sent a phishing email to a victim stating that suspicious activity has been detected on their bank account and that they must immediately click on a provided link to change their password. What method of influence is being used by the threat actor?

social proof

authority

likeness

urgency

A

urgency

11
Q

Which social engineering physical attack statement is correct?

In the tailgating attack, an unauthorized person tags along with an authorized person to gain entry to a restricted area with the person’s consent.

In the piggybacking attack, an unauthorized person tags along with an authorized person to gain entry to a restricted area without the person’s consent.

Badge cloning attacks cannot be performed by software.

Shoulder surfing can be prevented by using special screen filters for computer displays.

A

Shoulder surfing can be prevented by using special screen filters for computer displays.

12
Q

Which tool provides a threat actor a web console to manipulate users who are victims of cross-site scripting (XSS) attacks?

Asterisk

SET

BeEF

Nikto

A

BeEF

13
Q

Which Apple iOS and Android tool can be used to spoof a phone number?

SpoofApp

Nessus

Asterisk

BeEF

A

SpoofApp

14
Q

What two physical attacks are mitigated by using access control vestibules? (Choose two.)

shoulder surfing

dumpster diving

tailgating

badge cloning

piggybacking

A

tailgating

piggybacking

15
Q

Which two access control options are commonly used in conjunction with access control vestibules? (Choose two.)

proximity card and PIN

turnstile

security guard

toll collector

biometric scan

A

proximity card and PIN

biometric scan

16
Q

Which resource would mitigate piggybacking and tailgating?

security guard

camera

“no trespassing” warnings

badge/card access

A

security guard

17
Q

Which tool can launch social engineering attacks and be integrated with third-party tools and frameworks such as Metasploit?

BeEF

Nessus

SET

Asterisk

18
Q

Who is the target of a whaling attack?

upper managers such as the CEO or key individuals in an organization

ordinary users

user groups of social networks such as Facebook and Twitter

companies that use animals in product testing

A

upper managers such as the CEO or key individuals in an organization

19
Q

What is the purpose of a vishing attack?

to create emails and web pages to collect sensitive information from a user

to convince a victim on a phone call to disclose private or financial information

to use text messages to send malware or malicious links to mobile devices of users

to use USB sticks to compromise the systems of victims

A

to convince a victim on a phone call to disclose private or financial information

20
Q

Which Apple iOS and Android tools can spoof a phone number, record calls, and generate different background noises?

Nessus

Asterisk

SpoofCard

BeEF

21
Q

A threat actor has sent a text message to a victim stating that they have won bitcoins in a bank contest. To claim their prize, the victim must click the provided link and enter their bank account information. What social engineering attack can be accomplished if the user enters their banking information?

vishing

SMS phishing

whaling

watering hole

22
Q

Which tool permits post-exploitation activities, such as Windows reverse VNC DLL and reverse TCP shell?

BeEF

SET

Nessus

Nikto

23
Q

Which tool can send fake notifications to the browser of a victim?

Nexpose

BeEF

Nikto

Asterisk

24
Q

A new employee is celebrating their position with a large company by posting a picture of their access identification on social media. What kind of physical attack has the new employee unknowingly enabled?

watering hole

pivot

badge cloning

shoulder surfing

A

badge cloning

25
Q

A user has found a USB pen drive in the corporate parking lot. What should the user do with this pen drive?

throw the pen drive away

deliver the pen drive to the security sector of the company

plug the pen drive into a computer of the company, try to delete all the files, and use the pen drive for personal use

plug the pen drive into a computer of the company, try to access the files to identify who the pen drive belongs to

A

deliver the pen drive to the security sector of the company