Featured

SE QUIZ

0
Created on By hackdefendr

Social Engineering

Social Engineering 101

Just a quick quiz for you Social Engineering enthusiasts.

1 / 18

Which type of social engineering attack might involve giving away USB drives with malware loaded on them?

2 / 18

A social engineering technique whereby attackers under disguise of legitimate request attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:

3 / 18

Phishing scams targeting people holding high positions in an organization or business are known as:

4 / 18

While conducting a web research that would help in making a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?

5 / 18

Privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy filter is one of the countermeasures against shoulder surfing.

6 / 18

An attacker impersonates a company's managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)

7 / 18

What is the most common type of social engineering attack?

8 / 18

A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:

9 / 18

A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select all that apply)

10 / 18

An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as:

11 / 18

In computer security, the term "Dumpster diving" is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.

12 / 18

Which of the terms listed below refers to a platform used for watering hole attacks?

13 / 18

An email message containing warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others is an example of:

14 / 18

What is tailgating?

15 / 18

An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)

16 / 18

Which social engineering attack relies on identity theft?

17 / 18

The practice of using a telephone system to manipulate user into disclosing confidential information is called:

18 / 18

Phishing scams targeting a specific group of people are referred to as:

Your score is

The average score is 0%

0%