Social Engineering Attacks

Identifying and mitigating human-based attacks

Understanding and recognizing different types of social engineering attacks like phishing, pretexting, and baiting, and implementing effective techniques to prevent and mitigate these types of attacks.

5 minutes 5 Questions

Concepts covered: Tailgating, Phishing, Spear Phishing, Watering Hole, Vishing, Pretexting, Whaling, Quid Pro Quo, Smishing, Baiting

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CompTIA Security+ - Social Engineering Attacks Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

An employee suspects they have been a target of a vishing attack and shared some company information. What should be their immediate response?

Wait for other potential signs of attack before doing anything. Notify their manager or IT security department and change potentially compromised account passwords. Disconnect their phone. Delete their email account and create a new one.

Correct Answer: Notify their manager or IT security department and change potentially compromised account passwords.

Notifying the manager or IT security department is essential to minimize the impact of a vishing attack. Changing passwords helps to secure accounts from unauthorized access.

Question 2

A technician receives a phone call from an individual pretending to be the IT manager and asking for their login credentials. This is an example of which type of pretexting?

Masquerading as a trusted individual Invoking authority Creating urgency Faux friendship

Correct Answer: Invoking authority

Invoking authority is a form of pretexting where the attacker assumes an authoritative position to coerce the victim into complying with their requests, in this case, impersonating the IT manager to gain the technician's login credentials.

Question 3

An email claiming to be from the company's CTO requests a massive amount of login credentials. What should be the employee's first course of action?

Call the company's internal helpdesk. Send the requested login credentials. Report the incident to the IT security department. Forward the email to all colleagues.

Correct Answer: Report the incident to the IT security department.

The correct course of action is reporting the incident to the IT security department, as the CTO should not request login credentials via email. Reporting the email helps the organization take quick security actions to prevent any potential whaling attacks.

Go Premium

CompTIA Security+ Preparation Package (2024)

1087 Superior-grade CompTIA Security+ practice questions.
Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
Unlock Effortless CompTIA Security+ preparation: 5 full exams.
100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
Bonus: If you upgrade now you get upgraded access to all courses
Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!

Start Your Free 7-Day Trial

More Social Engineering Attacks questions

36 questions (total)

Start 36 question test