Back to CompTIA Security+ (CompTIA Security+)

Social Engineering Attacks

Identifying and mitigating human-based attacks

Understanding and recognizing different types of social engineering attacks like phishing, pretexting, and baiting, and implementing effective techniques to prevent and mitigate these types of attacks.
5 minutes 5 Questions

Social Engineering Attacks represent psychological manipulation techniques that exploit human vulnerabilities rather than technical system weaknesses. These attacks trick individuals into divulging confidential information or performing actions that compromise security. Common types include: • Ph…

Concepts covered: Tailgating, Phishing, Spear Phishing, Watering Hole, Vishing, Pretexting, Whaling, Quid Pro Quo, Smishing, Baiting

Test mode:
Start practice test
CompTIA Security+ - Social Engineering Attacks Example Questions

Test your knowledge of Social Engineering Attacks

Question 1

An employee suspects they have been a target of a vishing attack and shared some company information. What should be their immediate response?

Correct Answer: Notify their manager or IT security department and change potentially compromised account passwords.

Notifying the manager or IT security department is essential to minimize the impact of a vishing attack. Changing passwords helps to secure accounts from unauthorized access.

Question 2

A technician receives a phone call from an individual pretending to be the IT manager and asking for their login credentials. This is an example of which type of pretexting?

Correct Answer: Invoking authority

Invoking authority is a form of pretexting where the attacker assumes an authoritative position to coerce the victim into complying with their requests, in this case, impersonating the IT manager to gain the technician's login credentials.

Question 3

An email claiming to be from the company's CTO requests a massive amount of login credentials. What should be the employee's first course of action?

Correct Answer: Report the incident to the IT security department.

The correct course of action is reporting the incident to the IT security department, as the CTO should not request login credentials via email. Reporting the email helps the organization take quick security actions to prevent any potential whaling attacks.

image/svg+xml
🎓 Unlock Premium Access

CompTIA Security+ + ALL Certifications

  • 🎓 Access to ALL Certifications: Study for any certification on our platform with one subscription
  • 1241 Superior-grade CompTIA Security+ practice questions
  • Unlimited practice tests across all certifications
  • Detailed explanations for every question
  • CompTIA Security+: 5 full exams plus all other certification exams
  • 100% Satisfaction Guaranteed: Full refund if unsatisfied
  • Risk-Free: 7-day free trial with all premium features!
More Social Engineering Attacks questions
38 questions (total)
Start 38 question test