🔐
Cyber Security Medium

Social Engineering and Phishing Tactics

A cybersecurity test with 15 medium-level questions and answers on social engineering and phishing tactics.

15 Questions
30s Per Question
0+ Plays
← All Cyber Security Quizzes 📚 Study Guide for this category →
💡 Create account to save scores & earn XP
📋 View All 15 Questions & Answers

1. What does 'shoulder surfing' refer to in security?

  • A. Observing someone's private information, like a password, by looking over their shoulder ✓
  • B. A legitimate security practice
  • C. A type of encryption
  • D. A type of firewall

💡 'Shoulder surfing' involves observing someone's private information, such as a password, by looking over their shoulder.

2. What is 'tailgating' (or 'piggybacking') in physical security?

  • A. Following an authorized person into a restricted area without proper credentials ✓
  • B. A legitimate security practice
  • C. A type of encryption
  • D. A type of firewall

💡 Tailgating involves an unauthorized person following an authorized individual into a restricted physical area.

3. What is the goal of 'pharming' attacks?

  • A. Redirecting users to fraudulent websites without their knowledge ✓
  • B. Legitimately redirecting users to updated websites
  • C. A type of encryption
  • D. A type of firewall

💡 Pharming attacks redirect users to fraudulent websites, often by manipulating DNS settings, without the victim's knowledge.

4. What is 'spear phishing'?

  • A. A targeted phishing attack aimed at a specific individual or organization ✓
  • B. A general, non-targeted phishing attack
  • C. A type of legitimate email marketing
  • D. A type of firewall

💡 Spear phishing is a highly targeted phishing attack aimed at a specific individual or organization, often personalized for higher success.

5. What is 'pretexting' in social engineering?

  • A. Creating a fabricated scenario to manipulate a victim into revealing information ✓
  • B. A legitimate security practice
  • C. A type of encryption
  • D. A type of firewall

💡 Pretexting involves creating a fabricated scenario or false identity to manipulate a victim into revealing information.

6. What is a common characteristic of urgency-based social engineering attacks?

  • A. Creating a false sense of urgency to pressure victims into acting quickly without thinking ✓
  • B. Allowing victims plenty of time to verify requests
  • C. Providing complete transparency about the request's origin
  • D. Requiring no action from the victim

💡 Urgency-based social engineering attacks create a false sense of urgency, pressuring victims to act quickly without careful thought.

7. What is 'baiting' in social engineering?

  • A. Luring victims with a false promise to steal information or install malware ✓
  • B. A legitimate marketing technique
  • C. A type of encryption
  • D. A type of firewall

💡 Baiting lures victims with an enticing false promise, such as a free download, to steal information or install malware.

8. What is 'whaling' in the context of phishing?

  • A. A phishing attack specifically targeting high-profile individuals, such as executives ✓
  • B. A general phishing attack targeting random users
  • C. A type of legitimate email marketing
  • D. A type of firewall

💡 'Whaling' refers to phishing attacks specifically aimed at high-profile targets, like company executives.

9. What is the primary defense against social engineering attacks?

  • A. Awareness, skepticism, and verification of requests before acting ✓
  • B. Faster internet speed
  • C. More storage space
  • D. A type of hardware upgrade

💡 The primary defense against social engineering is awareness, healthy skepticism, and verifying requests before acting on them.

10. What is 'dumpster diving' in the context of cybersecurity threats?

  • A. Searching through discarded materials to find sensitive information ✓
  • B. A legitimate recycling practice
  • C. A type of encryption
  • D. A type of firewall

💡 'Dumpster diving' involves searching through discarded physical materials, like documents, to find sensitive information.

11. What is the purpose of security awareness training in organizations?

  • A. Educating employees to recognize and respond appropriately to social engineering and other threats ✓
  • B. Increasing internet speed
  • C. Reducing hardware costs
  • D. Improving software design only

💡 Security awareness training educates employees to recognize and appropriately respond to social engineering and other security threats.

12. What does 'typosquatting' involve?

  • A. Registering domain names similar to legitimate ones, hoping users will mistype and visit the fake site ✓
  • B. Legitimate domain registration only
  • C. A type of encryption
  • D. A type of firewall

💡 Typosquatting registers domain names closely resembling legitimate ones, hoping users accidentally mistype and land on the fake site.

13. What is 'business email compromise' (BEC)?

  • A. A scam targeting businesses through fraudulent emails, often impersonating executives ✓
  • B. A legitimate business email service
  • C. A type of encryption
  • D. A type of firewall

💡 Business email compromise scams target companies through fraudulent emails, often impersonating executives to authorize fraudulent transactions.

14. What is 'quid pro quo' in social engineering?

  • A. Offering a service or benefit in exchange for information or access ✓
  • B. A legitimate business transaction
  • C. A type of encryption
  • D. A type of firewall

💡 'Quid pro quo' social engineering offers a seemingly beneficial service in exchange for information or unauthorized access.

15. What is 'social engineering' in cybersecurity?

  • A. Manipulating people into divulging confidential information or performing actions that compromise security ✓
  • B. A type of computer hardware
  • C. A type of network protocol
  • D. A type of legitimate research

💡 Social engineering manipulates people psychologically into revealing confidential information or taking actions that compromise security.

More Cyber Security Quizzes

View all Cyber Security quizzes →