M5 Practice Quiz

Question 1

  1. Which of the following types of phishing attacks is used to specifically target high-level executives or important officials within an organization?

    Options:

    • Phishing
    • Spear phishing
    • Whaling
    • Impersonation

    Overall explanation:

    • Whaling is a targeted phishing attack that specifically focuses on high-level executives or important officials within an organization.
    • Phishing is a broad category of cyber attacks where attackers use deceptive emails or messages to trick recipients into disclosing sensitive information or taking a malicious action.
    • Spear phishing narrows this approach, targeting specific individuals or groups with customized deceptive messages.
    • Impersonation, meanwhile, involves an attacker pretending to be someone they're not, often a trusted individual, in order to manipulate a victim.

    Tags: Phishing

Question 2

  1. During an anti-phishing campaign, what primary action should a company take after simulating a successful phishing attack on its employees?

    Options:

    • Terminate employees who fall for the simulated attack
    • Provide immediate remedial training to employees who fell for the attack
    • Increase the organization's network security measures to prevent phishing attacks in the first place
    • Send a warning email to all of the organization's employees so they will be aware of phishing as a problem

    Overall explanation:

    • The primary goal of an anti-phishing campaign is to educate and raise awareness. Providing immediate feedback helps employees recognize and rectify their mistakes, which makes them less likely to fall for real phishing attacks in the future.
    • Terminating employees who fall for simulated attacks creates a culture of fear and discourages incident reporting, making it counterproductive.
    • Merely sending a warning email after such an attack lacks context and guidance, and doesn't adequately prepare employees for future threats.
    • While bolstering network security is crucial, an over-reliance on technology overlooks the human element targeted by phishing, underscoring the need for comprehensive user education.

    Tags: Preventing Phishing Attacks

Question 3

  1. Which social engineering technique involves searching through a target's trash or discarded items to obtain sensitive or valuable information?

    Options:

    • Dumpster diving
    • Shoulder surfing
    • Diversion theft
    • Eavesdropping

    Overall explanation:

    • Dumpster diving involves searching through a target's trash or discarded items to obtain sensitive or valuable information.
    • Diversion theft is the act of redirecting or distracting a target to facilitate theft or unauthorized access.
    • Shoulder surfing refers to the act of covertly observing a person's keyboard, screen, or other input devices to obtain passwords, PINs, and other sensitive information.
    • Eavesdropping is the passive interception of a private conversation, typically done covertly, to gather information.

    Tags: Other Social Engineering Attacks

Question 4

  1. Which social engineering attack involves an attacker creating a fabricated scenario to manipulate or deceive someone into divulging confidential information?

    Options:

    • Eavesdropping
    • Shoulder surfing
    • Dumpster diving
    • Pretexting

    Overall explanation:

    • Pretexting is a form of social engineering where attackers create a scenario or pretext to manipulate or deceive someone into divulging confidential information.
    • Dumpster diving refers to searching through a target's trash or discarded items to obtain sensitive or valuable information.
    • Shoulder surfing involves covertly observing a person's keyboard, screen, or other input devices to glean passwords, PINs, and other sensitive data.
    • Eavesdropping is the passive interception of a private conversation, typically done covertly, to gather information.

    Tags: Pretexting

Question 5

  1. Which of the following is a common motivational trigger used in social engineering attacks to manipulate victims to act or respond without taking time to think about the consequences?

    Options:

    • Urgency
    • Social proof
    • Likability
    • Authority

    Overall explanation:

    • Urgency is frequently employed in social engineering attacks to induce a sense of immediate action, compelling the target to respond quickly, often without giving the situation proper thought or scrutiny.
    • Likability leverages the tendency of people to be more receptive or trusting towards those they find personable or charismatic.
    • Authority uses the appearance or claim of a higher position or expertise to influence actions or decisions.
    • Social proof relies on the human tendency to look to others' actions or opinions to inform their own behavior, especially in uncertain situations.

    Tags: Motivational Triggers