Security+ 601 Quiz (McGraw-Hill Review Questions)
While waiting in the lobby of your building for a guest, you notice a man in a red shirt standing close
to a locked door with a large box in his hands. He waits for someone else to come along and open
the locked door and then proceeds to follow her inside. What type of social engineering attack have
you just witnessed?
A. Impersonation
B. Phishing
C. Boxing
D. Tailgating
D. Tailgating (or piggybacking) is the simple tactic of following closely behind a person who has just
used their own access card, key, or PIN to gain physical access to a room or building. The large box
clearly impedes the person in the red shirt's ability to open the door, so they let someone else do it
for them and follow them in.
A colleague asks you for advice on why he can't log in to his Gmail account. Looking at his browser,
you see he has typed www.gmal.com in the address bar. The screen looks very similar to the Gmail
login screen. Your colleague has just fallen victim to what type of attack?
A. Jamming
B. Rainbow table
C. Whale phishing
D. Typosquatting
D. Typosquatting capitalizes on common typing errors, such as gmal instead of gmail. The attacker
registers a domain very similar to the real domain and attempts to collect credentials or other
sensitive information from unsuspecting users.
A user in your organization contacts you to see if there's any update to the "account compromise"
that happened last week. When you ask him to explain what he means, the user tells you he
received a phone call earlier in the week from your department and was asked to verify his user ID
and password. The user says he gave the caller his user ID and password. This user has fallen victim
to what specific type of attack?
A. Spear phishing
B. Vishing
C. Phishing
D. Replication
B. Vishing is a social engineering attack that uses voice communication technology to obtain the
information the attacker is seeking. Most often the attacker will call a victim and pretend to be
someone else in an attempt to extract information from the victim.
Coming into your office, you overhear a conversation between two security guards. One guard is
telling the other she caught several people digging through the trash behind the building early this
morning. The security guard says the people claimed to be looking for aluminum cans, but only had a
bag of papers—no cans. What type of attack has this security guard witnessed?
A. Spear phishing
B. Pharming
C. Dumpster diving
D. Rolling refuse
C. Dumpster diving is the process of going through a target's trash in the hopes of finding valuable
information such as user lists, directories, organization charts, network maps, passwords, and so on.
Which of the following are specifically used to spread influence, alter perceptions, and sway people
toward a position favored by those spreading it?
A. Identity fraud, invoice scams, credential harvesting
B. Hoaxes, eliciting information, urgency
C. Influence campaigns, social media, hybrid warfare
D. Authority, intimidation, consensus
C. Influence campaigns are used to alter perceptions and change people's minds on a topic. They are
even more powerful when used in conjunction with social media to spread influence through
influencer propagation. Nation-states often use hybrid warfare to sway people toward a position
favored by those spreading it.
Which of the following is a type of social engineering attack in which an attacker attempts to obtain
sensitive information from a user by masquerading as a trusted entity in an e-mail?
A. Phishing
B. Pharming
C. Spam
D. Vishing
A. This is the definition of a phishing attack, as introduced in chapter 1. The key elements of the
question are e-mail and the unsolicited nature of its sending (spam).
Which of the following is/are psychological tools used by social engineers to create false trust with a
target?
A. Impersonation
B. Urgency or scarcity
C. Authority
D. All of the above
D. Social engineers use a wide range of psychological tricks to fool users into trusting them, including
faking authority, impersonation, creating a sense of scarcity or urgency, and claiming familiarity.
Once an organization's security policies have been established, what is the single most effective
method of countering potential social engineering attacks?
A. An active security awareness program
B. A separate physical access control mechanism for each department in the organization
C. Frequent testing of both the organization's physical security procedures and employee telephone
practices
D. Implementing access control cards and the wearing of security identification badges
A. Because any employee may be the target of a social engineering attack, the best thing you can do
to protect your organization from these attacks is to implement an active security awareness
program to ensure that all employees are cognizant of the threat and what they can do to address it.
You notice a new custodian in the office, working much earlier than normal, emptying trash cans,
and moving slowly past people working. You ask him where the normal guy is, and in very broken
English he says, "Out sick," indicating a cough. What is happening?
A. Watering hole attack
B. Impersonation
C. Prepending
D. Identity fraud