search

Which social engineering principle may allow a phony call from the help desk to be effective?

1 Jahrs vor
Kommentare: 0
Ansichten: 35

You get a phone call from someone telling you they are from the IRS and they are sending the police to your house now to arrest you unless you provide a method of payment immediately. What tactic is the caller using?

Show

1. Pretexting
2. Biometrics
3. Smishing
4. Rogue access

1. Pretexting

Biometrics is the use of a physical attribute to provide authentication. Smishing is using short message service (SMS/texting) to gather information from people. Rogue access isn't really anything. Pretexting is coming up with a believable story that you can use when trying to perform a social engineering attack on someone.

You are working on a red-team engagement. Your team leader has asked you to use baiting as a way to get in. What are you being asked to do?

1. Make phone calls
2. Clone a website
3. Leave USB sticks around
4. Spoof an RFID ID

3. Leave USB sticks around

Baiting is leaving a lure out in order to gather targets. You could use USB sticks or CDs around as bait if they had software on them that would run and "infect" the target system in a way that would give you control over them. While all of the other options are related to social engineering, none of them is called baiting.

Which of the social engineering principles is in use when you see a line of people at a vendor booth at a security conference waiting to grab free USB sticks and CDs?

1. Reciprocity
2. Social proof
3. Authority
4. Scarcity

2. Social proof

Social proof is in use when it appears to be okay to engage in a behavior because you see others engaging in it. When people see a line of others waiting to grab USB sticks, in spite of knowing they shouldn't trust USB sticks, they may be inclined to lower their defenses. There is no reciprocity or authority here. There may eventually be scarcity, but that's not what would drive people to stand in line to acquire a potentially dangerous item.

What is a viable approach to protecting against tailgating?

1. Biometrics
2. Badge access
3. Phone verification
4. Man traps

4. Man traps

Biometrics and badge access are forms of physical access control. Phone verification could possibly be used as a way of verifying identity, but it won't protect against tailgating. A man trap, however, will protect against tailgating because a man trap allows only one person in at a time.

Why would you use wireless social engineering?

1. To send phishing messages
2. To gather credentials
3. To get email addresses
4. To make phone calls

2. To gather credentials

Especially in enterprises, there is generally some authentication that happens. This could be in the form of a pre-shared key or a username/password combination. Either way, when you are using social engineering of wireless networks, you are probably attempting to gather credentials to gain access to sites. It's unlikely you'd use this vector for sending phishing messages or getting email addresses, and it wouldn't be used to make phone calls.

Which social engineering principle may allow a phony call from the help desk to be effective?

1. Social proof
2. Imitation
3. Scarcity
4. Authority

4. Authority

While you might be imitating someone, imitation is not a social engineering principle. Neither social proof nor scarcity are at play in this situation. However, if you are calling from the help desk, you may be considered to be in a position of authority.

Why would you use automated tools for social engineering attacks?

1. Better control over outcomes
2. Reduce complexity
3. Implement social proof
4. Demonstrate authority

2. Reduce complexity

It's debatable whether you get better control over outcomes executing your attacks manually. You would not be implementing social proof or demonstrating authority using an automated attack any more than if you did it manually. You would be reducing complexity, though, since doing it manually means you would be setting up and controlling multiple moving pieces. This gets to be complex, and the attack would fail if you didn't get it just right.

What social engineering vector would you use if you wanted to gain access to a building?

1. Impersonation
2. Scarcity
3. Vishing
4. Smishing

1. Impersonation

Vishing and smishing are non-kinetic approaches to social engineering. Scarcity is not a social engineering vector. Impersonation is a social engineering vector and the one used to gain unauthorized access to a facility.

Which of these would be an example of pretexting?

1. Web page asking for credentials
2. A cloned badge
3. An email from a former co-worker
4. Rogue wireless access point

3. An email from a former co-worker

If you sent an email posing as a former co-worker, you could be implementing a couple of different social engineering principles. Because you have a story and a means to collect information fraudulently, you are using pretexting. The other attacks are also social engineering, but they are not pretexting.

What tool could you use to clone a website?

1. httclone
2. curl-get
3. wget
4. wclone

3. wget

wget is the only one of these options that is a legitimate program, and it can be used to clone a website.

How would someone keep a baiting attack from being successful?

1. Disable Registry cloning.
2. Disable autorun.
3. Epoxy external ports.
4. Don't browse the Internet.

2. Disable autorun.

While some people do epoxy USB ports to prevent USB sticks from being inserted, it's not a good approach and wouldn't necessarily keep a baiting attack from working if the bait is a CD-ROM. Browsing the Internet is common and no longer doing that won't protect you against baiting. Registry cloning isn't really a thing in this context. Disabling autorun would keep any malicious software from running automatically from external devices.

What statistic are you more likely to be concerned about when thinking about implementing biometrics?

1. False positive rate
2. False negative rate
3. False failure rate
4. False acceptance rate

4. False acceptance rate

A false acceptance rate measures how often a biometric system allows unauthorized users access to a facility or area. A false failure (or reject) rate is inconvenient, and some organizations may consider that to be an issue, especially if it's very high. However, a high false accept rate is probably more concerning because you are allowing people who are really unauthorized to have access. The other two are not statistics that are measured; though they correlate to the others, they are not called false positive rate or false negative rate.

Which of these forms of biometrics is least likely to give a high true accept rate while minimizing false reject rates?

1. Voiceprint
2. Iris scanning
3. Retinal scanning
4. Fingerprint scanning

1. Voiceprint

Voiceprint identification is the least reliable of these options. As a result, it would be the most likely to give you a high false reject rate, which would lower the true accept rate.

What attack can a proximity card be susceptible to?

1. Tailgating
2. Phishing
3. Credential theft
4. Cloning

4. Cloning

A proximity card could enable tailgating, but it's not the only thing—a key could enable tailgating as well. Technically, it's not the card that allows tailgating anyway. It's the way the doors are configured and implemented. Phishing is unrelated, and technically, credential theft is as well. Proximity cards, particularly if they use RFID tags, are susceptible to cloning.

Which form of biometrics scans a pattern in the area of the eye around the pupil?

1. Retinal scanning
2. Fingerprint scanning
3. Iris scanning
4. Uvea scanning

3. Iris scanning

While the retina and the uvea are also parts of the eye, neither of them encloses the pupil and can be used as a means of identification. Fingerprints are not part of the eye.

What would the result of a high false failure rate be?

1. People having to call security
2. Unauthorized people being allowed in
3. Forcing the use of a man trap
4. Reduction in the use of biometrics

1. People having to call security

A false acceptance rate would be allowing unauthorized people in. If you are an authorized person but your biometric scanner isn't working reliably and rejects you, you may need to call security or someone else to let you into the building. Neither of the other two would be a result of a high false failure rate. They may be solutions to other problems, but not a high false failure rate.

You've received a text message from an unknown number that is only five digits long. It doesn't have any text, just a URL. What might this be an example of?

1. Vishing
2. Smishing
3. Phishing
4. Impersonation

2. Smishing

Smishing is short message phishing, which means someone is sending a text message, attempting to fraudulently gather information. Vishing is a phone call (voice). Phishing can be an overall term but commonly refers to email. Impersonation is more of a physical approach.

What is an advantage of a phone call over a phishing email?

1. You are able to go into more detail with pretexting.
2. Phishing attacks are unreliable.
3. Not everyone has email but everyone has a phone.
4. Pretexting only works over the phone.

1. You are able to go into more detail with pretexting.

Pretexting can work over email just as well as via a phone call. It may be more common for people to have email than a phone, especially a company-owned landline. Phishing attacks are very successful, which is why they are so commonly used. With a phone call, though, you could go into more detail and address questions or concerns as they arise. You could include additional layers that you couldn't with an email since you could never be sure if your email was read, or deleted, or caught in a filter.

What is the web page you may be presented with when connecting to a wireless access point, especially in a public place?

1. Credential harvester
2. Captive portal
3. Wi-Fi portal
4. Authentication point

2. Captive portal

The captive portal is the page that is opened when you connect to a public access point. None of the other answers are real things.

What tool could you use to generate email attacks as well as wireless attacks?

1. Meterpreter
2. wifiphisher
3. SE Toolkit
4. Social Automator

3. SE Toolkit

You may end up with a Meterpreter interface to a remote system, but it wouldn't be used to generate the attacks. wifiphisher is only used for Wi-Fi-based attacks and Social Automator doesn't exist. The Social-Engineer Toolkit (SE Toolkit) could be used to automate email attacks as well as wireless attacks.

What are the 4 types of social engineering?

Social engineering attack techniques.
Baiting. As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity. ... .
Scareware. Scareware involves victims being bombarded with false alarms and fictitious threats. ... .
Pretexting. ... .
Phishing. ... .
Spear phishing..

What social engineering vector would you use if you wanted to gain access to a building?

What social engineering vector would you use if you wanted to gain access to a building? Vishing and smishing are non-kinetic approaches to social engineering. Scarcity is not a social engineering vector. Impersonation is a social engineering vector and the one used to gain unauthorized access to a facility.

What are the principles of social engineering?

Social Engineering relies heavily on the six Principles of Influence established by Robert Cialdini, a behavioral psychologist, and author of Influence: The Psychology of Persuasion. Those six key Principles are: Reciprocity, Commitment and Consistency, Social Proof, Authority, Liking, and Scarcity.

What is social engineering used by hackers?

Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing, spear phishing, and CEO Fraud are all examples.

social engineering principle phony call desk effective

zusammenhängende Posts

Which security principle refers to the concept that each and every request should be verified?
Which security principle refers to the concept that each and every request should be verified?

Which of the following is not a privacy issue that is related to using a social networking site?
Which of the following is not a privacy issue that is related to using a social networking site?

What basic principle of outlining is concerned about the parallel construction of every heading?
What basic principle of outlining is concerned about the parallel construction of every heading?

Which principle of outlining states that entries should at least be two to be sure that the supporting points of a major idea are adequate?
Which principle of outlining states that entries should at least be two to be sure that the supporting points of a major idea are adequate?

From the conservative view, the most effective social control in reference to crime is__________.
From the conservative view, the most effective social control in reference to crime is__________.

Which of the following statements best represents the sociological understanding of social problems?
Which of the following statements best represents the sociological understanding of social problems?

Which of the following concept refers to a state in which racial and ethnic minorities are distinct but have more or less equal social standing?
Which of the following concept refers to a state in which racial and ethnic minorities are distinct but have more or less equal social standing?

Which term is used to refer to organized patterns of beliefs and behavior centered on basic social needs?
Which term is used to refer to organized patterns of beliefs and behavior centered on basic social needs?

Which sociological perspective also called theory focuses on the inequalities that contribute social differences and perpetuates differences in power?
Which sociological perspective also called theory focuses on the inequalities that contribute social differences and perpetuates differences in power?

Which theory focuses on everyday interactions to explain people’s social standing in society?
Which theory focuses on everyday interactions to explain people’s social standing in society?

Werbung

NEUESTEN NACHRICHTEN

Which list below contains only information systems development project risk factors?
1 Jahrs vor . durch MaleAllocation
Controlling measures the of actual performance from the standard performance
1 Jahrs vor . durch BrokenDeficiency
Welche Elemente kommen im menschlichen Körper vor?
1 Jahrs vor . durch LeveragedAvarice
Mit anzusehen wenn der mann anbaut
1 Jahrs vor . durch GubernatorialFreestyle
Second Hand Kinder in der Nähe
1 Jahrs vor . durch Tax-freeChemotherapy
Which of the following statements is true regarding surface-level diversity?
1 Jahrs vor . durch CracklingLordship
Wie wird man im Solarium am besten braun?
1 Jahrs vor . durch FlushedDemeanor
When giving a speech of presentation you should usually explain why the recipient is being given his or her award?
1 Jahrs vor . durch DentalSnail
Wie lange ist 3 tage fieber ansteckend
1 Jahrs vor . durch ObsessiveRedemption
Was sagt man wenn jemand in rente geht
1 Jahrs vor . durch SubjectiveCriminality

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrjakoptzhhi
Urheberrechte © © 2024 decemle Inc.