Information Security Social Engineering Quiz

Questions and Answers

What is the primary objective of a spoofing attack in information security?

To disrupt network connections

To improve system performance

To gain unauthorized access or information (correct)

To enhance user engagement

Which social engineering technique involves pretending to be an attractive person online to gain confidential information?

Honey trap (correct)

Baiting

Diversion theft

Phishing

What is baiting in the context of social engineering?

Offering fake incentives to trick users

Leaving malicious physical devices to gather information (correct)

Creating deceptive websites to harvest data

Disguising malware as legitimate software

Which of the following best describes 'piggybacking' in the realm of social engineering?

Physically following someone into a secure area without permission (D)

In a honey trap, who is usually the target of the attack?

An insider with access to sensitive information (B)

Which scenario is an example of baiting?

A user finds a USB drive labeled 'Company Holiday Party' and opens it (B)

What advantage does using both symmetric and asymmetric cryptography in SSL/TLS provide?

It supports less-powerful devices with symmetric encryption. (B)

How is the Single Loss Expectancy (SLE) calculated in the hard drive recovery example?

By adding the asset value to the total recovery cost. (A)

What psychological factors do attackers exploit in baiting?

Curiosity and greed (A)

How does the honey trap differ from traditional phishing attacks?

It focuses on exploiting emotional attractions rather than impersonation (B)

What is the Annual Loss Expectancy (ALE) calculated from the example provided?

$145.2 (D)

What is the primary type of attack described as using plaintext to compromise the DES encryption?

Meet-in-the-middle attack (A)

What assumption is made regarding the exposure factor (EF) in the calculations for hard drive recovery?

It is set to 100%. (A)

How often is the hard drive failure expected to occur according to the information provided?

Once every three years. (D)

What is the estimated total recovery time from a hard drive failure in hours?

14 hours (C)

Which regulation is primarily concerned with the protection of personal medical records?

HIPAA/PHI (A)

What does the Annual Rate of Occurrence (ARO) equate to in the recovery example?

1/3 (A)

What does PHI stand for in the context of healthcare regulations?

Protected Health Information (D)

Which of the following is NOT considered PHI under HIPAA regulations?

Marketing solicitations (B)

What type of entities are covered under HIPAA regulations?

Healthcare providers (B)

If patient names are linked with health information, they are considered:

Protected health information (D)

Which of the following best describes the HIPAA Privacy Rule?

It provides federal protections for private health info. (A)

Under HIPAA definitions, demographic info includes which of the following?

Patient's insurance details (D)

Which of the following scenarios would most likely lead to a HIPAA violation?

Sharing medical records without patient consent (A)

Which of the following is NOT considered a health information identifier?

Social media accounts (C)

What do HIPAA Privacy Rule restrictions apply to?

Uses and disclosures of health information (D)

What is the purpose of technical, physical, and administrative safeguards in HIPAA?

To ensure the confidentiality, integrity, and availability of PHI (B)

Which of the following describes a bug bounty program?

A system for identifying and rewarding security exploits (A)

In what context are bug bounty programs usually operated?

Through curated independent third-party platforms (B)

Which of the following professionals typically participates in bug bounty programs?

Independent security researchers (B)

What does PHI stand for in the context of HIPAA?

Protected Health Information (A)

Which of the following is an example of a biometric identifier?

Fingerprint (D)

What is the main purpose of a dictionary attack in password cracking?

To attempt each word from a dictionary as a password. (A)

Which tools are commonly used for password cracking?

John the Ripper and L0phtCrack (A)

What type of attack did Richard perform when he injected captured commands into the IoT network?

Replay attack (D)

Which characteristic best describes a replay attack?

It captures and reuses legitimate data communication. (C)

What is a common method employed in a dictionary attack to increase effectiveness?

Combining dictionary words with character substitutions. (B)

What is one main reason corporations implement bug bounty programs?

To attract a larger pool of hackers for testing (B)

Which benefit do researchers and hackers gain from participating in bug bounty programs?

Financial rewards and professional recognition (B)

What is a significant challenge faced by independent researchers in bug bounty programs?

Only one report per bug is rewarded (D)

What percentage of participants in major bug bounty platforms have never successfully sold a bug, according to the information?

97% (D)

How do bug bounty programs serve as a publicity strategy for firms?

They can demonstrate a mature security initiative (B)

Why might a hacker consider bug bounty hunting to be enjoyable?

It involves clear legal operations (D)

What is a potential downside of participating in bug bounty programs for hackers?

They may spend significant time without financial returns (B)

What trend is indicated regarding bug bounty programs in the corporate landscape?

They are seen as an emerging industry standard (A)

Study Notes

• No information provided to generate study notes. Please provide the text or questions.

Description

Test your knowledge of key concepts in information security, particularly focusing on social engineering techniques. This quiz covers various attack methods, including spoofing, baiting, and honey traps, as well as cryptographic practices. Challenge yourself to understand how these methods work and their psychological underpinnings.