Chapter 04 The Role of People in Security
1. Time can be manipulated to drive a sense of __________ and prompt shortcuts that can lead to opportunities for interjection into processes.
• A. scarcity
• B. trust
• C. familiarity
• D. urgency
2. Which term describes a type of phishing where individuals who are high up in an organization such as the corporate officers are targeted?
• A. Whaling
• B. Pharming
• C. DNS poisoning
• D. Vishing
3. Which statement explains why vishing is successful?
• A. Vishing is successful because people desire to be helpful.
• B. Vishing is successful because individuals normally seek to avoid confrontation and trouble.
• C. Vishing is successful because of the trust that individuals place in the telephone system.
• D. Vishing is successful because people tend to trash information that might be used in a penetration attempt.
4. Which statement describes how reverse social engineering is accomplished?
• A. An attacker attempts to find little bits of information that could be useful for an attack in a target's trash can.
• B. An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.
• C. An attacker uninstalls software on an unsuspecting user's computer.
• D. An attacker initiates a conversation with the target to obtain confidential information.
5. A user receives an email warning of a dangerous computer virus and instructing the user to delete files it claims were put there by the virus. However, the files are actually critical system files. Which term describes this scenario?
• A. Social engineering
• B. Reverse social engineering
• C. A hoax
• D. Phishing
6. What common password character combinations do users tend to use when creating passwords?
• A. All capital letters
• B. Passwords that are too long
• C. Names of family, pets, or teams
• D. Numbers only
7. Which password is strongest?
• A. P@$$w0rd
• B. G0*49ers
• C. C#as%t*1ng
• D. April301980
8. Which statement identifies the best defense to prevent information from being obtained in a shoulder surfing attack?
• A. Small shields should be installed to block the view of a user's entry into a keypad.
• B. The keypad system should be designed with "scrambled" numbers to help make shoulder surfing more difficult.
• C. Cameras should be installed over the keypad to record the area and the person entering the information.
• D. Users should be aware of their surroundings and not allow individuals to get into a position from which they can observe what the user is entering.
9. What is a sophisticated countermeasure to piggybacking?
• A. A man trap
• B. A rogue access point
• C. A concrete barrier
• D. A camera
10. Which statement describes how an attacker can open up a backdoor?
• A. A user can install a wireless access point so that they can access the organization's network from many different areas.
• B. An attacker can follow closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.
• C. An attacker leaves the door to a room or building ajar.
• D. An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.
11. What is a paradox of social engineering attacks?
• A. An attack can compromise an organization's corporate secrets yet identify the organization's greatest assets.
• B. People are not only the biggest problem and security risk but also the best tool in defending against an attack.
• C. A social engineering security breach may actually highlight how unhelpful an organization's employees can be.
• D. Attacks happen frequently, yet little corporate data is stolen.
12. What is a good way to reduce the chance of a successful social engineering attack?
• A. Lock all doors to the organization's building.
• B. Implement a strong security education and awareness training program.
• C. Use security guards at the building entry point.
• D. Use biometric security controls.
TRUE / FALSE
13. A social engineer uses various deceptive practices to convince the targeted person to divulge information they normally would not divulge or to convince the target of the attack to do something they normally wouldn't do.
14. Implied scarcity or implied future change can create a perception of scarcity.
15. Phishing is the most common form of social engineering attack related to computer security.
16. Reverse social engineering is easier to execute than social engineering.
17. Setting up a rogue access point is a good way to prevent social engineering attacks.