Top 30 multiple-choice questions (MCQs) focused only on social engineering in the context of web security, covering the topics below, along with their answers and explanations.
• Defining social engineering and its role in user-focused attacks.
• Discussing common social engineering techniques, such as phishing, pretexting, and baiting.
- Installing malware on systems
- Gaining unauthorized access
- Impersonating a trusted entity
- Luring victims with enticing offers
The primary danger of baiting attacks is the installation of malware on systems through enticing offers.
- Spoofing
- Impersonation
- Vishing
- Baiting
Impersonation involves creating a false identity to deceive individuals into providing sensitive information.
- Redirecting website traffic
- Creating a false pretext
- Deceiving individuals through voice communication
- Impersonating a trusted entity
Spoofing involves impersonating a trusted entity to deceive individuals.
4. What can individuals do to prevent vishing attacks?
- Avoid answering phone calls
- Share sensitive information over the phone
- Verify the identity of the caller
- Disable call waiting
Verifying the identity of the caller is essential in preventing vishing attacks.
- Phishing
- Baiting
- Impersonation
- Spoofing
Baiting involves luring individuals with enticing offers, appealing to their curiosity or greed.
- Exploiting software vulnerabilities
- Gaining unauthorized access
- Manipulating individuals
- Overloading servers with traffic
The primary objective of social engineering attacks is to manipulate individuals to disclose sensitive information.
7. What is the potential consequence of falling victim to a phishing attack?
- Installing antivirus software
- Identity theft
- Enhanced cybersecurity
- Improved system performance
Falling victim to a phishing attack can lead to identity theft and unauthorized access to sensitive information.
8. Which of the following is a common red flag indicating a potential phishing attempt?
- Personalized email greetings
- Verified sender identity
- Urgent requests for sensitive information
- Clear and concise email content
Urgent requests for sensitive information are often indicative of phishing attempts.
- Installing malware on systems
- Redirecting website traffic
- Creating a fabricated scenario to deceive individuals
- Impersonating a trusted entity
Pretexting involves creating a fabricated scenario to deceive individuals and obtain sensitive information.
- Avoid using antivirus software
- Verify the authenticity of enticing offers
- Click on links in unsolicited emails
- Share passwords openly
Verifying the authenticity of enticing offers is crucial in guarding against baiting attacks.
- Installing malware on systems
- Gaining unauthorized access
- Manipulating individuals to reveal sensitive information
- Overloading servers with traffic
The primary goal of phishing attacks is to manipulate individuals into revealing sensitive information.
- Visual phishing
- Voice phishing
- Verified phishing
- Virtual phishing
Vishing stands for voice phishing, where attackers use voice communication to deceive individuals.
- Spoofing
- Pharming
- Baiting
- Impersonation
Pharming involves creating fake websites to redirect individuals and trick them into providing sensitive information.
- Social engineering targets only software vulnerabilities.
- Traditional cyber attacks focus on manipulating human behavior.
- Social engineering exploits only hardware weaknesses.
- Traditional cyber attacks do not involve human manipulation.
Social engineering involves manipulating human behavior, while traditional cyber attacks typically focus on exploiting software and hardware vulnerabilities.
- Programming language
- Exploiting social networks
- Web development framework
- Database management system
Social engineering involves manipulating individuals to disclose confidential information, and in web security, it often exploits human behaviors within social networks.
- Firewall
- Antivirus software
- Phishing
- Encryption
Phishing is a social engineering technique that involves tricking individuals into revealing sensitive information by posing as a trustworthy entity.
- Gaining unauthorized access
- Creating a false pretext or scenario
- Installing malware
- Denial-of-service attack
Pretexting involves creating a fabricated scenario to deceive individuals into divulging sensitive information.
- Spoofing
- Baiting
- Pharming
- Vishing
Spoofing often involves creating fake emails or websites to trick individuals into providing sensitive information.
- Offering something enticing to lure victims
- Creating a false pretext
- Gaining unauthorized access
- Impersonating a trusted entity
Baiting involves offering something enticing to lure victims into a trap, such as a malware-infected file disguised as something desirable.
- Spear phishing
- Vishing
- Impersonation
- Baiting
Vishing (voice phishing) involves using voice communication to deceive individuals into providing sensitive information.
- Destroying hardware
- Exploiting software vulnerabilities
- Manipulating individuals
- Conducting DDoS attacks
The primary goal of social engineering attacks is to manipulate individuals into divulging confidential information.
22. How can individuals protect themselves from phishing attacks?
- Disable firewalls
- Avoid using antivirus software
- Verify email sender identity
- Share passwords openly
Verifying the identity of the email sender is a crucial step in protecting against phishing attacks.
- Creating a fake scenario
- Sending malicious emails
- Installing malware
- Gaining unauthorized access
A pretext involves creating a fabricated scenario to deceive individuals into revealing sensitive information.
- Physical infrastructure
- Social networks
- Operating systems
- Power supply networks
Social engineering attacks often target human behavior within social networks.
25. How does baiting differ from phishing?
- Baiting involves voice communication, while phishing involves email.
- Baiting offers something enticing, while phishing deceives through false scenarios.
- Baiting targets physical infrastructure, while phishing targets digital systems.
- Baiting and phishing are synonymous terms.
Baiting involves offering something enticing, while phishing typically involves deceiving through false scenarios.
- Impersonating a trusted entity
- Manipulating individuals through voice communication
- Installing malware on systems
- Denying service to users
Vishing involves manipulating individuals through voice communication to obtain sensitive information.
- Creating a false pretext
- Redirecting website traffic to malicious sites
- Offering something enticing to lure victims
- Impersonating a trusted entity
Pharming involves redirecting website traffic to malicious sites, tricking individuals into providing sensitive information.
- Mass email attacks
- Targeted email attacks
- Voice communication attacks
- Installing malware through fake websites
Spear phishing is a targeted form of phishing, where attackers focus on specific individuals or organizations.
- Phishing
- Spoofing
- DDoS attacks
- Baiting
DDoS attacks are not typically considered social engineering techniques; they involve overwhelming a system with traffic to disrupt services.
30. How can individuals protect themselves from pretexting attacks?
- Share personal information openly
- Verify the authenticity of requests
- Click on links in unsolicited emails
- Disable antivirus software
Verifying the authenticity of requests is essential in protecting against pretexting attacks.