Flashcards

Social Engineering Attacks

Identifying and mitigating human-based attacks

5 minutes 5 Questions

Social Engineering Attacks represent psychological manipulation techniques that exploit human vulnerabilities rather than technical system weaknesses. These attacks trick individuals into divulging confidential information or performing actions that compromise security. Common types include: • Ph…

Concepts covered: Tailgating, Phishing, Spear Phishing, Watering Hole, Vishing, Pretexting, Whaling, Quid Pro Quo, Smishing, Baiting

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CompTIA Security+ - Social Engineering Attacks Example Questions

Test your knowledge of Social Engineering Attacks

Question 1

An employee suspects they have been a target of a vishing attack and shared some company information. What should be their immediate response?

Delete their email account and create a new one. Notify their manager or IT security department and change potentially compromised account passwords. Wait for other potential signs of attack before doing anything. Disconnect their phone.

Correct Answer: Notify their manager or IT security department and change potentially compromised account passwords.

Notifying the manager or IT security department is essential to minimize the impact of a vishing attack. Changing passwords helps to secure accounts from unauthorized access.

Question 2

A technician receives a phone call from an individual pretending to be the IT manager and asking for their login credentials. This is an example of which type of pretexting?

Creating urgency Faux friendship Invoking authority Masquerading as a trusted individual

Correct Answer: Invoking authority

Invoking authority is a form of pretexting where the attacker assumes an authoritative position to coerce the victim into complying with their requests, in this case, impersonating the IT manager to gain the technician's login credentials.

Question 3

An email claiming to be from the company's CTO requests a massive amount of login credentials. What should be the employee's first course of action?

Forward the email to all colleagues. Call the company's internal helpdesk. Send the requested login credentials. Report the incident to the IT security department.

Correct Answer: Report the incident to the IT security department.

The correct course of action is reporting the incident to the IT security department, as the CTO should not request login credentials via email. Reporting the email helps the organization take quick security actions to prevent any potential whaling attacks.

Unlock Premium Access

CompTIA Security+

Access to ALL Certifications: Study for any certification on our platform with one subscription
1241 Superior-grade CompTIA Security+ practice questions
Unlimited practice tests across all certifications
Detailed explanations for every question
CompTIA Security+: 5 full exams plus all other certification exams
100% Satisfaction Guaranteed: Full refund if unsatisfied
Risk-Free: 7-day free trial with all premium features!

More Social Engineering Attacks questions

38 questions (total)

Start 38 question test