CompTIA Security+ (SY0-701) S5 Social Engineering H

Questions and Answers

Match the following social engineering technique with its description:

Impersonation = Pretending to be someone else, including brand impersonation, typo-squatting, and watering hole attacks Pretexting = Creating a fabricated scenario to manipulate targets, impersonating trusted figures to gain trust Phishing = Frauds and scams that deceive people into parting with money or valuable information Influence Campaigns = Spreading misinformation and disinformation, impacting politics, economics, etc.

Match the following social engineering attack with its description:

Diversion Theft = A type of social engineering attack Hoaxes = A deceptive practice to deceive people into parting with money or valuable information Shoulder Surfing = A social engineering attack involving stealing information by looking over someone's shoulder Baiting = A fabricated scenario to manipulate targets, impersonating trusted figures to gain trust

Match the following phishing attack type with its description:

Vishing = A type of phishing attack Smishing = A deceptive practice to deceive people into parting with money or valuable information Spear Phishing = Focused phishing attack targeting a specific individual or organization Whaling = Phishing attacks targeting high-profile individuals or executives

Match the following motivational trigger with its description:

Familiarity and Likability = Motivational trigger used by social engineers Consensus and Social Proof = Motivational trigger used by social engineers Authority and Intimidation = Motivational trigger used by social engineers Scarcity and Urgency = Motivational trigger used by social engineers

Match the following motivational triggers with their descriptions:

Authority = Most people are willing to comply and do what you tell them if they believe it is coming from somebody in a position of authority Urgency = Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly or prioritize certain actions Social Proof = Psychological phenomenon where individuals look to the behaviors of others to determine their own decisions or actions Scarcity = Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply

Match the following forms of impersonation with their descriptions:

Impersonation Attack = Adversary assumes the identity of another person to gain unauthorized access or steal sensitive data Brand Impersonation = Attacker pretends to represent a legitimate company or brand using logos, language, and information to create deceptive communications or website Typosquatting = Attacker registers a domain name similar to a popular website with common typographical errors Pretexting = Gives some amount of information that seems true so that the victim will give more information

Match the following phishing attack types with their descriptions:

Phishing = Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information Spear Phishing = More targeted form of phishing used by cybercriminals who are tightly focused on a specific group of individuals or organizations, with a higher success rate Whaling = Form of spear phishing that targets high-profile individuals like CEOs or CFOs for potentially greater rewards, often as an initial step to compromise an executive’s account for subsequent attacks within their organization Watering Hole Attacks = Targeted cyber attack where attackers compromise a specific website or service known to be used by their target

Match the following phishing prevention measures with their descriptions:

Regular user security awareness training = Providing education on various phishing techniques Use of anti-phishing tools = Tools to aid in identifying and preventing phishing attacks Examination of URLs and email addresses = Verifying the authenticity of web links and sender addresses Fact checking and critical thinking skills when encountering potential hoaxes = Critical evaluation of information to identify deceptive content

Match the following social engineering attacks with their descriptions:

Diversion theft = Manipulating situations to steal valuable items or information Shoulder surfing = Stealing information by looking over someone's shoulder Dumpster diving = Searching through trash for valuable information Hoaxes = Malicious deception spread through communication channels, often paired with phishing attacks

Match the following fraud and scams terms with their descriptions:

Fraud = Criminal deception intended for financial or personal gain Identity fraud = Unauthorized use of another person's personal information for deception or financial gain Identity theft = Assuming the victim's identity for fraudulent activities Influence campaigns = Coordinated efforts to shape public perception or behavior towards a cause, individual, or group

Match the following security threats with their descriptions:

Eavesdropping = Secretly listening to private conversations Baiting = Leaving a malware-infected physical device to be found by a victim Piggybacking = Unauthorized person following an authorized person into a secure area Tailgating = Unauthorized person attempts to follow an employee through an access control point

Match the following prevention techniques with the corresponding security threat:

Encrypting data in transit = Prevent eavesdropping Training users to not use devices they find = Prevent baiting Access control vestibule or access control point = Prevent tailgating Convincing an authorized employee to swipe their own access badge = Prevent piggybacking

Match the following actions with their descriptions:

Eavesdropping = Intercepting communication without knowledge Baiting = Leaving a malware-infected physical device to install malware unknowingly Piggybacking = Convincing an authorized employee to swipe their own access badge Tailgating = Following an employee into a secure area without authorization

Match the following security threats with their prevention techniques:

Eavesdropping = Encrypting data in transit Baiting = Training users to not use devices they find Piggybacking = Preventing unauthorized entry at access control points Tailgating = Training employees on access control procedures

Flashcards are hidden until you start studying

Study Notes

• Business Email Compromise (BEC) is a sophisticated phishing attack targeting businesses, utilizing one of their internal email accounts to facilitate unauthorized fund transfers, payment redirection, or sensitive information theft.
• Vishing is a voice phishing technique where attackers trick victims into sharing personal or financial information over the phone.
• Smishing involves the use of text messages to deceive individuals into providing their personal information.
• Preventing phishing attacks:
  • Regular user security awareness training
  • Education on various phishing techniques
  • Use of anti-phishing tools
  • Suspicion towards urgent requests
  • Examination of URLs and email addresses
  • Reporting and investigation of suspicious emails
• Fraud and scams:
  • Fraud is criminal deception intended for financial or personal gain.
  • Identity fraud and identity theft involve the unauthorized use of another person's personal information for deception or financial gain.
  • Differences between identity fraud and identity theft:
    • Identity fraud: attacker charges items to the victim's card
    • Identity theft: attacker assumes the victim's identity
• Influence campaigns:
  • Coordinated efforts to shape public perception or behavior towards a cause, individual, or group.
  • Misinformation and disinformation spreading can harm institutions, fuel social divisions, and influence election outcomes.
• Other social engineering attacks:
  • Diversion theft: manipulating situations or creating distractions to steal valuable items or information.
  • Hoaxes: malicious deception spread through communication channels, often paired with phishing attacks.
  • Shoulder surfing: looking over someone's shoulder to steal information.
  • Dumpster diving: searching through trash for valuable information.
• Prevention measures:
  • Being aware of surroundings when providing sensitive information.
  • Use of clean desk and clean desktop policies.
  • Fact checking and critical thinking skills when encountering potential hoaxes.