Question 1

Social engineers attempt to exploit the natural tendencies of people.They do this by

Accepted Answer

A) First trying to evoke sympathy;if this fails,then by fear of confrontation 
B) First trying to evoke fear of confrontation and then by sympathy 
C) First trying to guess passwords and then use a password cracker 
D) First trying to evoke passion and then fear 
A) First trying to evoke sympathy;if this fails,then by fear of confrontation 
B) First trying to evoke fear of confrontation and then by sympathy 
C) First trying to guess passwords and then use a password cracker 
D) First trying to evoke passion and then fear A

Question 2

_______________ is the simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

Accepted Answer

Piggybacking

Question 3

When an attacker tries to position himself behind a user so that he can see what keys are being typed or what information is on the screen is called _______________

Accepted Answer

shoulder su rfing

Question 4

_______________ is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access.

Accepted Answer

The answer of _______________ is when an attacker attempts to...

Question 5

Social engineers attempt to convince authorized individuals to provide confidential information or access to an unauthorized individual.

Accepted Answer

A) True 
 B)False

Question 6

_______________ is when an e-mail trying to get sensitive information is sent to a group that has something in common,making the attack seem more personal.

Accepted Answer

The answer of _______________ is when an e-mail trying to...

Question 7

Which of the following is NOT an example of a poor security practice?

Accepted Answer

A) The user does not follow established security policies or processes. 
B) A result of a lack of security policies,procedures or training within the user's organization. 
C) An employee does not allow a person he is talking to,to enter a secured area behind him before showing proper credentials. 
D) An employee creates on good password and then uses it for all accounts. 
A) The user does not follow established security policies or processes. 
B) A result of a lack of security policies,procedures or training within the user's organization. 
C) An employee does not allow a person he is talking to,to enter a secured area behind him before showing proper credentials. 
D) An employee creates on good password and then uses it for all accounts.

Question 8

A good security practice is to choose one good password and use it for all of your various accounts.

Accepted Answer

A) True 
 B)False

Question 9

What is a good first step for companies to take to fight potential social engineering attacks?

Accepted Answer

A) Buy the latest virus protection software and install on the systems 
B) Establish policies and procedures dictating the roles and responsibilities all users,as well as security administrators 
C) Monitor all phone calls 
D) Conduct background checks on all contractors,consultants,delivery persons,and partners that may have access to the facilities 
A) Buy the latest virus protection software and install on the systems 
B) Establish policies and procedures dictating the roles and responsibilities all users,as well as security administrators 
C) Monitor all phone calls 
D) Conduct background checks on all contractors,consultants,delivery persons,and partners that may have access to the facilities

Question 10

Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view.

Accepted Answer

A) True 
 B)False

Question 11

An attacker posts a flier offering services to clean computers of a virus that is sweeping the Internet,speeding them up as a result.A person concerned that he may have the virus because his computer was running slow,calls the attacker,asking for help.This is an example of ___________________.

Accepted Answer

reverse so

Question 12

What are the dangers of non-employees having physical access? Give examples.

Accepted Answer

If someone gains physical acce

Question 13

When an attacker attempts to get credit card numbers using telephone and voice technologies,it's called

Accepted Answer

A) Vishing 
B) Telephishing 
C) Phreaking 
D) Voicing 
A) Vishing 
B) Telephishing 
C) Phreaking 
D) Voicing

Question 14

All of the following are techniques used by a social engineer EXCEPT:

Accepted Answer

A) An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number. 
B) An attacker calls up the IT department posing as an employee and requests a password reset. 
C) An attacker runs a brute force attack on a password. 
D) An attacker sends a forged e-mail with a link to a bogus web site that has been set to obtain personal information. 
A) An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number. 
B) An attacker calls up the IT department posing as an employee and requests a password reset. 
C) An attacker runs a brute force attack on a password. 
D) An attacker sends a forged e-mail with a link to a bogus web site that has been set to obtain personal information.

Question 15

Dumpster diving is when a hacker gains access to a computer and tries to recover files from the recycle bin in the hopes of finding privileged information.

Accepted Answer

A) True 
 B)False

Question 16

Give an example of a hoax and how it might actually be destructive.

Accepted Answer

An e-mail is sent th

Question 17

A(n)_______________ is an avenue that can be used to access a system while circumventing normal security mechanisms,and can often be used to install additional executable files.

Accepted Answer

The answer of A(n)_______________ is an avenue that can be...

Question 18

An attacker watches people as they enter a building requiring a key card.He waits until he see someone who appears to be in a rush and has their hands full.He then intercepts the person,makes quick small talk,offers to help them hold what's in their hands while he swipes in,and follows behind.This is an example of

Accepted Answer

A) Spear phishing 
B) Pharming 
C) Piggybacking 
D) Man trapping 
A) Spear phishing 
B) Pharming 
C) Piggybacking 
D) Man trapping

Question 19

Your boss saw a TV show that mentioned the term "social engineering." He wants to know what it is and how it might be used against the company.

Accepted Answer

Social engineers use their knowledge of

Question 20

Hoaxes,while a potential nuisance,can not cause any real harm to your data.

Accepted Answer

A) True 
 B)False

Exam 4: The Role of People in Security

Social engineers attempt to exploit the natural tendencies of people.They do this by

_______________ is the simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

When an attacker tries to position himself behind a user so that he can see what keys are being typed or what information is on the screen is called _______________

_______________ is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access.

Social engineers attempt to convince authorized individuals to provide confidential information or access to an unauthorized individual.

_______________ is when an e-mail trying to get sensitive information is sent to a group that has something in common,making the attack seem more personal.

Which of the following is NOT an example of a poor security practice?

A good security practice is to choose one good password and use it for all of your various accounts.

What is a good first step for companies to take to fight potential social engineering attacks?

Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view.

An attacker posts a flier offering services to clean computers of a virus that is sweeping the Internet,speeding them up as a result.A person concerned that he may have the virus because his computer was running slow,calls the attacker,asking for help.This is an example of ___________________.

What are the dangers of non-employees having physical access? Give examples.

When an attacker attempts to get credit card numbers using telephone and voice technologies,it's called

All of the following are techniques used by a social engineer EXCEPT:

Dumpster diving is when a hacker gains access to a computer and tries to recover files from the recycle bin in the hopes of finding privileged information.

Give an example of a hoax and how it might actually be destructive.

A(n)_______________ is an avenue that can be used to access a system while circumventing normal security mechanisms,and can often be used to install additional executable files.

Your boss saw a TV show that mentioned the term "social engineering." He wants to know what it is and how it might be used against the company.

Hoaxes,while a potential nuisance,can not cause any real harm to your data.

Introduction and Security Trends

General Security Concepts

Operational-Organizational Security

Cryptography

Public Key Infrastructure

Standards and Protocols

Physical Security

Network Fundamentals

Infrastructure Security

Authentication and Remote Access

Wireless

Intrusion Detection Systems and Network Security

Baselines

Types of Attacks and Malicious Software

E-Mail and Instant Messaging

Web Components

Secure Software Development

Disaster Recovery, Business Continuity, and Organizational Policies

Risk Management

Change Management

Privilege Management

Computer Forensics

Legal Issues and Ethics

Privacy

Filters