OPS-1 through OPS-10, OS-2, OS-3 went from 5 → 15. OS-1, OS-4 through OS-11, SEC-1 through SEC-11, TRB-1 through TRB-4 went from 7 → 15. Questions cover exam-weight scenarios not duplicated from original content. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
132 lines
2.6 KiB
Markdown
# SEC-5 Quiz: Social Engineering and Attacks

Take this after studying `notes/SEC-5-social-engineering-attacks.md`.

Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`

## Questions

1. A phishing attack sent by SMS text message is called:

A. Vishing
B. Whaling
C. Smishing
D. Shoulder surfing

2. A phishing attack targeted at a CEO is called:

A. Dumpster diving
B. Whaling
C. Tailgating
D. ARP poisoning

3. A fake Wi-Fi access point imitates a legitimate hotel network. What attack is this?

A. Dictionary attack
B. SQL injection
C. DLP
D. Evil twin

4. Which attack modifies database queries through unsafe user input?

A. XSS
B. DDoS
C. SQL injection
D. Shoulder surfing

5. Which attack injects malicious scripts that run in a user's browser?

A. APIPA
B. XSS
C. Kerberos
D. BitLocker

6. An attacker compromises a vendor software update trusted by customers. What attack type is this?

A. Piggybacking
B. Brute force
C. Vishing
D. Supply chain attack

7. Which attack uses many systems to overwhelm a service?

A. DDoS
B. Plaintext storage
C. Tailgating
D. SAML

8. A technician receives a call from someone claiming to be IT support asking for their password. What attack type is this?

A. Phishing
B. Vishing
C. SQL injection
D. Tailgating

9. An attacker follows an employee through a secure door without scanning their badge. What is this called?

A. Shoulder surfing
B. Tailgating
C. Whaling
D. Smishing

10. An attacker watches a user enter their PIN at an ATM by standing nearby. What attack is this?

A. Tailgating
B. Vishing
C. Shoulder surfing
D. Evil twin

11. An attacker searches through discarded printed documents to find sensitive information. What is this called?

A. Dumpster diving
B. Smishing
C. Watering hole attack
D. Shoulder surfing

12. Which attack floods a login page with many different password guesses automatically?

A. Shoulder surfing
B. Vishing
C. Brute force attack
D. Tailgating

13. An email appears to come from the CEO asking the CFO to wire money immediately. This targeted attack is called:

A. Smishing
B. Vishing
C. Whaling or Business Email Compromise (BEC)
D. Watering hole

14. An attacker compromises a popular developer tool website knowing IT professionals visit it. What attack type is this?

A. Vishing
B. Watering hole attack
C. Tailgating
D. Smishing

15. What is the best general defense against social engineering attacks?

A. Disable all email
B. Use only WEP
C. Security awareness training
D. Remove all firewalls

## Answer Key For Instructor

1. C
2. B
3. D
4. C
5. B
6. D
7. A
8. B
9. B
10. C
11. A
12. C
13. C
14. B
15. C