Chapter 04 The Role of People in Security1. Time can be manipulated to drive ase

Chapter 04 The Role of People in Security1. Time can be manipulated to drive asense of __________ and prompt shortcuts that can lead to opportunities for interjection into processes.• A. scarcity• B. trust• C. familiarity• D. urgency2. Which term describes a type of phishing where individuals who are high up in an organization such as the corporate officers are targeted?• A. Whaling• B. Pharming• C. DNS poisoning• D. Vishing3. Which statement explains why vishing is successful?• A. Vishing is successful because people desire to be helpful.• B. Vishing is successful because indi­viduals normally seek to avoid confrontation and trouble.• C. Vishing is successful because of the trust that individuals place in the telephone system.• D. Vishing is successful because people tend to trash information that might be used in a penetration attempt.4. Which statement describes how reverse social engineering is accomplished?• A. An attacker attempts to find little bits of information that could be useful for an attack in a target trash can.• B. An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.• C. An attacker uninstalls software on an unsuspecting user’s computer.• D. An attacker initiates a conversation with the target to obtain confidential information.5. A user receives an e­mail warning of a dangerous computer virus and instructing the user to delete files it claims were put there by the virus. However, the files are actually critical system files. Which term describes this scenario?• A. Social engineering• B. Reverse social engineering• C. A hoax• D. Phishing6. What common password character combinations do users tend to use when creating passwords?• A. All capital letters• B. Passwords that are too long• C. Names of family, pets, or teams• D. Numbers only7. Which password is strongest?• A. P@$$w0rd• B. G0*49ers• C. C#as%t*1ng• D. April3019808. Which statement identifies the best defense to prevent information from being obtained in a shoulder surfing attack?• A. Small shields should be installed to block the view of a user’s entry into a keypad.• B. The keypad system should be designed with “scrambled” numbers to help make shoulder surfing more difficult.• C. Cameras should be installed over the keypad to record the area and the person entering the information.• D. Users should be aware of their surroundings and not allow individuals to get into a position from which they can observe what the user is entering.9. What is a sophisticated countermeasure to piggybacking?• A. A man trap• B. A rogue access point• C. A concrete barrier• D. A camera10. Which statement describes how an attacker can open up a backdoor?• A. A user can install a wireless access point so that they can access the organization’s network from many different areas.• B. An attacker can follow closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.• C. An attacker leave the door to a room or building ajar.• D. An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.11. What is a paradox of social engineering attacks?• A. An attack can compromise an organization’s corporate secrets yet identify the organization’s greatest assets.• B. People are not only the biggest problem and security risk but also the best tool in defending against an attack.• C. A social engineering security breach may actually highlight how unhelpful an organization’s employees can be.• D. Attacks happen frequently, yet little corporate data is stolen.12. What is a good way to reduce the chance of a successful social engineering attack?• A. Lock all doors to the organization’s building.• B. Implement a strong security education and awareness training program.• C. Use security guards at the building entry point.• D. Use biometric security controls.TRUE / FALSE13. A social engineer uses various deceptive practices to convince the targeted person to divulge information they normally would not divulge or to convince the target of the attack to do something they normally wouldn’t do.14. Implied scarcity or implied future change can create perception of scarcity.15. Phishing is the most common form of social engineering attack related to computer security.16. Reverse social engineering is easier to execute than social engineering.17. Setting up a rogue access point is a good way to prevent social engineering attacks.


Recent Completed and delivered Papers

# Topic title Subject Area Academic Level Pages delivered
Writer's choice
1 hour 32 min
Wise Approach to
2 hours 19 min
1980's and 1990
2 hours 20 min
pick the best topic
2 hours 27 min
finance for leisure
2 hours 36 min