Here are the top 30 multiple-choice questions (MCQs) focused on phishing and social engineering in the context of Cyber Threats and Attack Vectors, along with their answers and explanations.
1. What is phishing primarily aimed at?
- Disrupting network services
- Gaining unauthorized access to a system
- Stealing sensitive information by deception
- Encrypting files for ransom
Phishing is a type of attack that aims to steal sensitive information by deceiving individuals into revealing it.
2. What is spear phishing targeting specifically?
- Random individuals
- Large organizations
- Individuals within a specific organization
- Government agencies
Spear phishing targets specific individuals, often within a particular organization, using tailored and personalized messages.
3. Which is a common characteristic of a phishing email?
- Plain text without any links
- Urgent language, threats, or promises
- A formal and professional tone
- A clear sender address
Phishing emails often use urgent language, threats, or promises to manipulate the recipient into taking action.
- Video-based phishing attacks
- Voice-based phishing attacks
- Virtual reality-based attacks
- Vendor-specific phishing attacks
Vishing is a form of phishing that involves voice-based attacks, typically over the phone.
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Tempting individuals with something appealing to extract information
- Encrypting files for ransom
Baiting involves tempting individuals with something appealing to trick them into providing sensitive information.
6. Which term describes the creation of a fake website to trick individuals into revealing sensitive information?
- Spoofing
- Pharming
- Baiting
- Impersonation
Pharming involves creating a fake website to trick individuals into revealing sensitive information.
- Creating a false identity or scenario to manipulate individuals
- Using malicious software to intercept communication
- Manipulating search engine results to deceive users
- Embedding malicious code in legitimate websites
Pretexting involves creating a false identity or scenario to manipulate individuals into revealing sensitive information.
- Quizzes and surveys
- Impersonation
- Urgency or time pressure
- Baiting
Creating a sense of urgency or time pressure is a social engineering technique to prompt immediate action.
9. What is the primary purpose of a whaling attack?
- Targeting specific individuals within an organization
- Attacking large organizations with sophisticated techniques
- Using deception to trick individuals into revealing information
- Targeting high-profile individuals, such as executives
Whaling attacks target high-profile individuals, such as executives, for the purpose of stealing sensitive information.
10. What is the term for a deceptive technique where attackers manipulate the display of a website URL?
- URL hijacking
- URL masking
- URL spoofing
- URL encryption
URL spoofing is a deceptive technique where attackers manipulate the display of a website URL to deceive users.
11. What is a common characteristic of a spear phishing attack?
- Indiscriminate targeting of individuals
- Use of generic and non-personalized messages
- Personalized and targeted messages
- Inclusion of obvious spelling and grammar mistakes
Spear phishing attacks involve personalized and targeted messages, often tailored to specific individuals.
12. What is the primary goal of a CEO fraud attack?
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Impersonating a CEO to trick employees into transferring funds or sensitive information
- Encrypting files for ransom
CEO fraud attacks involve impersonating a CEO to trick employees into transferring funds or sensitive information.
13. What is the term for a phishing attack that targets a specific geographic region or group of individuals?
- Regional phishing
- Geo-targeted phishing
- Targeted phishing
- Area-specific phishing
Geo-targeted phishing is a phishing attack that targets a specific geographic region or group of individuals.
- Phishing
- Vishing
- Baiting
- Impersonation
Vishing is a form of social engineering attack that involves manipulating individuals to provide confidential information over the phone.
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Tricking individuals into revealing sensitive information through a romantic or sexual relationship
- Encrypting files for ransom
A honey trap in social engineering aims to trick individuals into revealing sensitive information through a romantic or sexual relationship.
16. What is the term for a phishing attack that targets a specific industry or business sector?
- Industry-targeted phishing
- Sector-specific phishing
- Business-focused phishing
- Whaling attack
Industry-targeted phishing is a phishing attack that targets a specific industry or business sector.
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Offering a benefit or reward in exchange for sensitive information
- Encrypting files for ransom
Quid pro quo attacks involve offering a benefit or reward in exchange for sensitive information.
18. What is the term for a phishing attack that uses fraudulent emails claiming to be from a trustworthy source to trick individuals into revealing sensitive information?
- Spoofing
- Deceptive email attack
- Email impersonation
- Email phishing
Email phishing is a phishing attack that uses fraudulent emails to trick individuals into revealing sensitive information.
- Openly revealing the attacker's identity
- Pretending to be a trustworthy person or entity
- Using non-deceptive communication techniques
- Targeting a wide range of individuals
Social engineering attacks using impersonation involve pretending to be a trustworthy person or entity.
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Compromising websites frequented by the target individuals
- Encrypting files for ransom
Water holing attacks aim to compromise websites frequented by the target individuals to deliver malware.
21. Which is a common characteristic of a smishing attack?
- Email-based attack
- Voice-based attack
- Text message-based attack
- Social media-based attack
Smishing attacks use text messages as a medium to deceive individuals into revealing sensitive information.
22. What is the term for a phishing attack that targets individuals within a specific organization, often using internal information?
- Whaling attack
- CEO fraud attack
- Insider threat attack
- Business email compromise
Insider threat attacks target individuals within a specific organization, often using internal information.
23. What is the primary objective of a clone phishing attack?
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Creating a duplicate website to deceive individuals
- Encrypting files for ransom
Clone phishing attacks involve creating a duplicate website to deceive individuals into providing sensitive information.
24. What is the term for a phishing attack that targets individuals during their commute, often using public transportation Wi-Fi networks?
- Commute-based phishing
- Mobile phishing
- Public Wi-Fi phishing
- On-the-go phishing
Mobile phishing targets individuals during their commute, often using public transportation Wi-Fi networks.
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Manipulating individuals into taking specific actions
- Encrypting files for ransom
Reverse social engineering attacks aim to manipulate individuals into taking specific actions that benefit the attacker.
- Catfishing
- Profile spoofing
- Social impersonation
- Social phishing
Catfishing involves creating a fake social media profile to deceive individuals.
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Tricking individuals into believing they've won a prize, then extracting money or information
- Encrypting files for ransom
Lottery scams aim to trick individuals into believing they've won a prize, then extracting money or information.
- Emotional engineering
- Social manipulation
- Psychological exploitation
- Emotional manipulation
Emotional manipulation involves appealing to individuals' emotions to manipulate them.
29. What is the term for a phishing attack that targets a specific group of individuals based on their job roles and responsibilities?
- Role-based phishing
- Job-targeted phishing
- Occupation-specific phishing
- Task-focused phishing
Role-based phishing targets a specific group of individuals based on their job roles and responsibilities.
- Gaining unauthorized access to systems
- Spreading malware through infected files
- Creating a false sense of urgency to trick individuals into paying for unnecessary software or services
- Encrypting files for ransom
Scareware attacks aim to create a false sense of urgency to trick individuals into paying for unnecessary software or services.