Complete Test Bank Ch4 Social Engineering Attacks - Model Test Questions | CompTIA PenTest+ 1e Santos by Omar Santos. DOCX document preview.

CompTIA® PenTest+ Cert Guide

Chapter 4 Social Engineering Attacks

1) What is the purpose of phishing?

A) To get the user to disclose confidential information

B) To use the user’s email address book to send out bogus emails

C) To redirect user web browsers to sites hosting malware

D) To send out SMS messages containing links to sites containing malware

2) Which term describes a threat actor redirecting a victim from a valid website to a malicious one that looks like the valid site?

A) Spear phishing

B) Pharming

C) SMS phishing

D) Malvertising

3) What is the purpose of malvertising?

A) To use the user’s email address book to send out bogus emails

B) To enumerate the open ports on the user’s system

C) To get the user to disclose confidential information

D) To redirect user web browsers to sites hosting malware

4) How is spear phishing different from regular phishing?

A) Installs malware on the user system

B) Sent out via SMS

C) Directly targets specific individuals or companies

D) Replicates itself

5) _______ is a social engineering attack carried out over a phone conversation.

A) Whaling

B) Voice phishing

C) Spear phishing

D) SMS phishing

6) What is the difference between whaling and spear phishing?

A) With spear phishing, the attack is targeted at high-profile executives

B) Spear phishing does not target specific companies or individuals

C) Whaling does not target specific companies or individuals

D) With whaling, the attack is targeted at high-profile executives

7) An attacker presents as someone else in order to gain access to information in which type of attack?

A) Pretexting

B) Interrogation

C) Phishing

D) Pharming

8) Which of these is a social engineering motivation technique?

A) Malware

B) Whaling

C) Pharming

D) Social proof

9) Gaining information by surreptitiously reading someone’s computer screen is known as:

A) Pharming

B) Phishing

C) Shoulder surfing

D) Pretexting

10) Key drop is a type of attack in which:

A) An attacker leaves a USB thumb drive where the target is likely to find it

B) A set of keys is left in a public place

C) A piece of paper with usernames and passwords is left on a user’s desk

D) Electronic access keys are emailed to the target

11) Where does malvertising typically appear?

A) On a legitimate, trusted website

B) On an untrusted, unknown website

C) In an email message from a trusted, known sender

D) In an email message from an untrusted, unknown sender

12) What does an attacker using open-ended elicitation try to gain?

A) Answers to specific questions that have only one correct answer

B) Answers to broadly worded questions that could have many different answers

C) Usernames and passwords for the target system

D) Ransom money wired to their account

13) Authority, scarcity, and urgency are all motivation techniques used in what type of attack?

A) Malware

B) Social engineering

C) Whaling

D) Pharming

14) When interrogation is done in person, which of these is something the interrogator pays attention to?

A) Direction of the victim’s head and eyes

B) Pitch and rate of the victim’s voice

C) Victim’s posture and body language

D) All of the above

15) A victim receiving a text message telling them to click a link to confirm their account and claim bitcoin is an example of which type of attack?

A) Whaling

B) SMS phishing

C) Text phishing

D) Spear phishing

16) What might an attacker use the SET utility to do?

A) Create a spear phishing email

B) Launch a man-in-the-middle attack

C) Mass-mail malvertising

D) Mass-send an SMS text message

17) When creating a whaling attack, it is important to:

A) Send the email out as widely as possible within an organization

B) Create a very realistic, believable fake email or web page that will fool a sophisticated user

C) Attach an executable payload

D) All of the above

18) Someone who impersonates an IT worker and provides unsolicited in-person help to a computer user is executing which type of attack?

A) Pharming

B) Malvertising

C) Pretexting

D) Whaling

19) An attacker who puts the victim in a situation where he or she is not able to determine the appropriate mode of behavior is using which technique?

A) Fear

B) Likeness

C) Scarcity

D) Social proof

20) A typical use of voice phishing is to:

A) Get users to click on a hyperlink that leads to a malicious website

B) Steal credit card numbers and other information used in identity theft

C) Steal user names and passwords in bulk from a server

D) Install malware

Document Information

Document Type: DOCX
Chapter Number: 4
Created Date: Aug 21, 2025
Chapter Name: Chapter 4 Social Engineering Attacks
Author: Omar Santos
