1_1_9 Section 1 – Attacks, Threats, and Vulnerabilities - Social Engineering - Other Social Engineering Attacks

Questions and Answers

What is tailgating in the context of office security?

• Using a badge to gain access
• Unauthorized individual following someone through a secure door (correct)
• Following safety guidelines in the office
• Bringing food into the office

What is the main motivation for someone to engage in tailgating?

• Gaining unauthorized access to the building (correct)
• Accidentally entering the building
• Trying to socialize with colleagues
• Getting free food from inside the building

How does Johnny Long demonstrate tailgating in his book, No Tech Hacking?

• Using third-party clothing to blend in and gain access (correct)
• Pretending to be a vendor inside the building
• Hacking computer systems remotely
• Creating a distraction to enter the building

What is a common tactic used by individuals engaging in tailgating at the office?

Pretending to be on a break in the smoking section (B)

How do some individuals exploit the kindness of others to gain entry through a secure door?

By supplying food or treats and getting someone to hold the door open (A)

Why is preventing tailgating important in an office environment?

To ensure the last line of defense before sensitive areas (D)

What is the purpose of a visitor badge in most organizations?

To identify individuals who are allowed inside the building (D)

What does the sign 'no tailgating, or one scan, one person' near a locked door signify?

Only one person should enter after a single badge scan (A)

What is a common tactic used in an invoice scam?

Spoofing email addresses of high-level authorities (C)

Why might an accounting department pay a fake invoice without proper verification?

The invoice looks legitimate and is from a familiar source (D)

What is a credential harvesting attack focused on acquiring?

Usernames and passwords (D)

How might an attacker execute a credential harvesting attack through email?

Sending a Microsoft Word document with malicious macros (D)

Why is it crucial for users to have antivirus and anti-malware software?

To detect and stop credential harvesting attacks (A)

What is the main goal of someone engaging in tailgating in an office environment?

To gain unauthorized access to the inside by following someone through a secured door (D)

How might a person using tailgating blend in to gain unauthorized access?

Pretending to be a delivery person from a known vendor (A)

What social engineering aspect is associated with tailgating?

Deceiving employees to hold the door open for them (B)

In Johnny Long's book, how does he demonstrate gaining access through tailgating?

By using clothing from a third-party vendor to blend in (A)

What is a common ruse used by individuals engaging in tailgating to gain entry?

Claiming to be an IT technician fixing a computer issue (D)

What tactic might an individual use while tailgating to ensure someone holds the door open for them?

Offering to share their food or treats with others (A)

What is a common tactic used in a credential harvesting attack?

Tricking the victim into opening a malicious Microsoft Word document (B)

What is the primary purpose of a visitor badge in most organizations?

To identify individuals who are not regular members of the organization (B)

How might an attacker gain access to usernames and passwords through a credential harvesting attack?

Extracting stored credentials using a malicious script (C)

What is the danger of an attacker successfully executing a credential harvesting attack?

Stealing sensitive information without the victim's knowledge (A)

Why do some attackers prefer sending a scam invoice with a spoofed address?

To trick the accounting department into making payments without verification (B)

How does an attacker often attempt to trick users into executing a script that extracts credentials?

By sending emails with malicious Microsoft Word document attachments (A)

What is the significance of organizations having policies related to visitor badges?

To prevent tailgating through secure doors (B)

How does clicking on a link in a scam invoice email benefit an attacker?

Acquiring credit card or bank account details (C)

What is the purpose of signs like 'no tailgating, or one scan, one person' near locked doors?

To remind individuals not to hold the door for others behind them (D)

What is the potential consequence of an accounting department paying a fraudulent invoice without proper verification?

Erosion of trust between employees and management in the organization (D)

Flashcards are hidden until you start studying