A cybersecurity test with 15 medium-level questions and answers on social engineering and phishing tactics.
1. What does 'shoulder surfing' refer to in security?
💡 'Shoulder surfing' involves observing someone's private information, such as a password, by looking over their shoulder.
2. What is 'tailgating' (or 'piggybacking') in physical security?
💡 Tailgating involves an unauthorized person following an authorized individual into a restricted physical area.
3. What is the goal of 'pharming' attacks?
💡 Pharming attacks redirect users to fraudulent websites, often by manipulating DNS settings, without the victim's knowledge.
4. What is 'spear phishing'?
💡 Spear phishing is a highly targeted phishing attack aimed at a specific individual or organization, often personalized for higher success.
5. What is 'pretexting' in social engineering?
💡 Pretexting involves creating a fabricated scenario or false identity to manipulate a victim into revealing information.
6. What is a common characteristic of urgency-based social engineering attacks?
💡 Urgency-based social engineering attacks create a false sense of urgency, pressuring victims to act quickly without careful thought.
7. What is 'baiting' in social engineering?
💡 Baiting lures victims with an enticing false promise, such as a free download, to steal information or install malware.
8. What is 'whaling' in the context of phishing?
💡 'Whaling' refers to phishing attacks specifically aimed at high-profile targets, like company executives.
9. What is the primary defense against social engineering attacks?
💡 The primary defense against social engineering is awareness, healthy skepticism, and verifying requests before acting on them.
10. What is 'dumpster diving' in the context of cybersecurity threats?
💡 'Dumpster diving' involves searching through discarded physical materials, like documents, to find sensitive information.
11. What is the purpose of security awareness training in organizations?
💡 Security awareness training educates employees to recognize and appropriately respond to social engineering and other security threats.
12. What does 'typosquatting' involve?
💡 Typosquatting registers domain names closely resembling legitimate ones, hoping users accidentally mistype and land on the fake site.
13. What is 'business email compromise' (BEC)?
💡 Business email compromise scams target companies through fraudulent emails, often impersonating executives to authorize fraudulent transactions.
14. What is 'quid pro quo' in social engineering?
💡 'Quid pro quo' social engineering offers a seemingly beneficial service in exchange for information or unauthorized access.
15. What is 'social engineering' in cybersecurity?
💡 Social engineering manipulates people psychologically into revealing confidential information or taking actions that compromise security.