Top 30 multiple-choice questions (MCQs) only focused on the Social Engineering in the context of WEB Security covering below topics,along with their answers and explanations.
• Defining social engineering and its role in user-focused attacks.
• Discussing common social engineering techniques, such as phishing, pretexting, and baiting.
PRACTICE IT NOW TO SHARPEN YOUR CONCEPT AND KNOWLEDGE
1. What is the primary danger of baiting attacks in social engineering?
- Installing malware on systems
- Gaining unauthorized access
- Impersonating a trusted entity
- Luring victims with enticing offers
The primary danger of baiting attacks is the installation of malware on systems through enticing offers.
2. Which social engineering technique involves creating a false identity to deceive individuals?
- Spoofing
- Impersonation
- Vishing
- Baiting
Impersonation involves creating a false identity to deceive individuals into providing sensitive information.
3. What is the primary purpose of spoofing in social engineering?
- Redirecting website traffic
- Creating a false pretext
- Deceiving individuals through voice communication
- Impersonating a trusted entity
Spoofing involves impersonating a trusted entity to deceive individuals.
4. What can individuals do to prevent vishing attacks?
- Avoid answering phone calls
- Share sensitive information over the phone
- Verify the identity of the caller
- Disable call waiting
Verifying the identity of the caller is essential in preventing vishing attacks.
5. Which social engineering technique involves manipulating individuals by appealing to their curiosity or greed?
- Phishing
- Baiting
- Impersonation
- Spoofing
Baiting involves luring individuals with enticing offers, appealing to their curiosity or greed.
6. What is the primary objective of social engineering attacks in the context of web security?
- Exploiting software vulnerabilities
- Gaining unauthorized access
- Manipulating individuals
- Overloading servers with traffic
The primary objective of social engineering attacks is to manipulate individuals to disclose sensitive information.
7. What is the potential consequence of falling victim to a phishing attack?
- Installing antivirus software
- Identity theft
- Enhanced cybersecurity
- Improved system performance
Falling victim to a phishing attack can lead to identity theft and unauthorized access to sensitive information.
8. Which of the following is a common red flag indicating a potential phishing attempt?
- Personalized email greetings
- Verified sender identity
- Urgent requests for sensitive information
- Clear and concise email content
Urgent requests for sensitive information are often indicative of phishing attempts.
9. What is the purpose of pretexting in social engineering?
- Installing malware on systems
- Redirecting website traffic
- Creating a fabricated scenario to deceive individuals
- Impersonating a trusted entity
Pretexting involves creating a fabricated scenario to deceive individuals and obtain sensitive information.
10. How can individuals guard against baiting attacks in social engineering?
- Avoid using antivirus software
- Verify the authenticity of enticing offers
- Click on links in unsolicited emails
- Share passwords openly
Verifying the authenticity of enticing offers is crucial in guarding against baiting attacks.
11. What is the primary goal of phishing attacks in social engineering?
- Installing malware on systems
- Gaining unauthorized access
- Manipulating individuals to reveal sensitive information
- Overloading servers with traffic
The primary goal of phishing attacks is to manipulate individuals into revealing sensitive information.
12. In the context of social engineering, what does the term "vishing" stand for?
- Visual phishing
- Voice phishing
- Verified phishing
- Virtual phishing
Vishing stands for voice phishing, where attackers use voice communication to deceive individuals.
13. Which social engineering technique involves creating fake websites to trick individuals?
- Spoofing
- Pharming
- Baiting
- Impersonation
Pharming involves creating fake websites to redirect individuals and trick them into providing sensitive information.
14. How does social engineering differ from traditional cyber attacks?
- Social engineering targets only software vulnerabilities.
- Traditional cyber attacks focus on manipulating human behavior.
- Social engineering exploits only hardware weaknesses.
- Traditional cyber attacks do not involve human manipulation.
Social engineering involves manipulating human behavior, while traditional cyber attacks typically focus on exploiting software and hardware vulnerabilities.
15. What is social engineering in the context of web security?
- Programming language
- Exploiting social networks
- Web development framework
- Database management system
Social engineering involves manipulating individuals to disclose confidential information, and in web security, it often exploits human behaviors within social networks.
16. Which of the following is an example of a social engineering technique?
- Firewall
- Antivirus software
- Phishing
- Encryption
Phishing is a social engineering technique that involves tricking individuals into revealing sensitive information by posing as a trustworthy entity.
17. What is pretexting in the context of social engineering?
- Gaining unauthorized access
- Creating a false pretext or scenario
- Installing malware
- Denial-of-service attack
Pretexting involves creating a fabricated scenario to deceive individuals into divulging sensitive information.
18. Which social engineering technique often involves the use of malicious email or websites to deceive individuals?
- Spoofing
- Baiting
- Pharming
- Vishing
Spoofing often involves creating fake emails or websites to trick individuals into providing sensitive information.
19. Baiting is a social engineering technique that typically involves:
- Offering something enticing to lure victims
- Creating a false pretext
- Gaining unauthorized access
- Impersonating a trusted entity
Baiting involves offering something enticing to lure victims into a trap, such as a malware-infected file disguised as something desirable.
20. Which social engineering technique involves manipulating individuals through voice communication, often over the phone?
- Spear phishing
- Vishing
- Impersonation
- Baiting
Vishing (voice phishing) involves using voice communication to deceive individuals into providing sensitive information.
21. What is the primary goal of social engineering attacks?
- Destroying hardware
- Exploiting software vulnerabilities
- Manipulating individuals
- Conducting DDoS attacks
The primary goal of social engineering attacks is to manipulate individuals into divulging confidential information.
22. How can individuals protect themselves from phishing attacks?
- Disable firewalls
- Avoid using antivirus software
- Verify email sender identity
- Share passwords openly
Verifying the identity of the email sender is a crucial step in protecting against phishing attacks.
23. What does a pretext involve in social engineering?
- Creating a fake scenario
- Sending malicious emails
- Installing malware
- Gaining unauthorized access
A pretext involves creating a fabricated scenario to deceive individuals into revealing sensitive information.
24. Which of the following is a common target of social engineering attacks?
- Physical infrastructure
- Social networks
- Operating systems
- Power supply networks
Social engineering attacks often target human behavior within social networks.
25. How does baiting differ from phishing?
- Baiting involves voice communication, while phishing involves email.
- Baiting offers something enticing, while phishing deceives through false scenarios.
- Baiting targets physical infrastructure, while phishing targets digital systems.
- Baiting and phishing are synonymous terms.
Baiting involves offering something enticing, while phishing typically involves deceiving through false scenarios.
26. What is the primary purpose of vishing in social engineering?
- Impersonating a trusted entity
- Manipulating individuals through voice communication
- Installing malware on systems
- Denying service to users
Vishing involves manipulating individuals through voice communication to obtain sensitive information.
27. Pharming is a social engineering technique that involves:
- Creating a false pretext
- Redirecting website traffic to malicious sites
- Offering something enticing to lure victims
- Impersonating a trusted entity
Pharming involves redirecting website traffic to malicious sites, tricking individuals into providing sensitive information.
28. In the context of social engineering, what is spear phishing?
- Mass email attacks
- Targeted email attacks
- Voice communication attacks
- Installing malware through fake websites
Spear phishing is a targeted form of phishing, where attackers focus on specific individuals or organizations.
29. Which of the following is NOT a common social engineering technique?
- Phishing
- Spoofing
- DDoS attacks
- Baiting
DDoS attacks are not typically considered social engineering techniques; they involve overwhelming a system with traffic to disrupt services.
30. How can individuals protect themselves from pretexting attacks?
- Share personal information openly
- Verify the authenticity of requests
- Click on links in unsolicited emails
- Disable antivirus software
Verifying the authenticity of requests is essential in protecting against pretexting attacks.
