An email message containing a warning related to a non-existent
computer security threat, asking a user to delete system files
falsely identified as malware, and/or prompting them to share the
message with others is an example of: Virus Hoax
A privacy filter
(a.k.a. privacy screen) is a protective overlay placed on the
computer screen that narrows the viewing angle, so the screen content
is only visible directly in front of the monitor and cannot be seen
by others nearby. A privacy filter is one of the countermeasures
against shoulder surfing. True
A situation in which
an unauthorized person can view another user's display or keyboard to
learn their password or other confidential information is referred to
as: Shoulder Surfing
In computer
security, the term "Dumpster diving" is used to describe a
practice of sifting through trash for discarded documents containing
sensitive data. Found documents containing names and surnames of
employees, along with information about positions held in the
company and other data, can be used to facilitate social engineering
attacks. Having the documents shredded or incinerated before disposal
makes dumpster diving less effective and mitigates the risk of social
engineering attacks. True
Which social
engineering attack relies on identity theft? Impersonation
What is tailgating?
Gaining unauthorized access to restricted areas by following
another person.
The practice of
using a telephone system to manipulate a user into disclosing
confidential information is called: Vishing
Phishing scams
targeting people holding high positions in an organization or
business are known as: Whaling
Phishing scams
targeting a specific group of people are referred to as: Spear
Phishing
A social engineering
technique whereby attackers, under the guise of a legitimate request,
attempt to gain access to confidential information they shouldn't
have access to is commonly referred to as: Phishing
A fraudulent email
requesting its recipient to reveal sensitive information (e.g. user
name and password) used later by an attacker for the purpose of
identity theft is an example of: Phishing, Social Engineering
An unauthorized
practice of obtaining confidential information by manipulating people
into disclosing sensitive data is referred to as: Social
Engineering
Which of the terms
listed below refers to a platform used for watering hole attacks?
Websites
While conducting
web research that would help in making a better purchasing decision,
a user visits a series of Facebook pages and blogs containing fake
reviews and testimonials in favor of a paid app intentionally
infected with malware. Which social engineering principle applies to
this attack scenario? Consensus
An attacker
impersonating a software beta tester replies to a victim's post in a
forum thread discussing the best options for affordable productivity
software. A while later, he/she follows up by sending the victim a
private message mentioning the discussion thread and offering free
access to a closed beta version of a fake office app. Which social
engineering principles apply to this attack scenario? Scarcity,
Familiarity, Trust
An attacker
impersonates a company's managing staff member to manipulate a
lower-ranking employee into disclosing confidential data. The attacker informs
the victim that the information is essential for a task that needs to
be completed within business hours on the same day and mentions
potential financial losses for the company in case the victim refuses
to comply. Which social engineering principles apply to this attack
scenario? Urgency, Authority, Intimidation