4. Social Engineering Attacks

Ref:📕CompTIA PenTest+ PT0-002 Cert Guide (Certification Guide) 2nd Edition

Press the Start button to begin the practice test.

PenTest+ (PT0-002) Chapter 04. Social Engineering Attacks

1 / 36

Which technique/method does a social engineer use to make a person act promptly by playing with their fears?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

2 / 36

Which of the following best describes the function of the Social-Engineer Toolkit (SET) in penetration testing?

A. It is only used for backing up system data before a penetration test.

B. It executes brute force attacks to test password strength.

C. It supports the creation and management of phishing emails and payloads.

D. It assists in network enumeration and scanning.

3 / 36

Which option should be selected in the Social-Engineer Toolkit (SET) to generate a normal PDF with an embedded EXE for a social engineering attack?

A. Create a FileFormat Payload

B. Use built-in BLANK PDF for attack

C. Adobe PDF Embedded EXE Social Engineering

D. Windows Reverse TCP Shell

4 / 36

Which of the following prevention techniques is NOT effective against shoulder surfing social engineering attacks?

A. User awareness and training

B. Installing special screen filters for computer displays

C. Frequently changing passwords

D. Using small hidden cameras and microphones

5 / 36

What is the main function of the Social-Engineer Toolkit (SET) in penetration testing?

A. To scan for open ports on a machine

B. To conduct social engineering attacks

C. To encrypt communication channels

D. To test server configurations

6 / 36

Which call spoofing tool can be used to generate different background noises?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

7 / 36

Which of the following best describes the technique of pretexting in the context of social engineering attacks?

A. Asking loaded questions to elicit information from the victim

B. Monitoring the victim’s body language and voice for signs of discomfort

C. Impersonating a different individual or role to gain access to information

D. Redirecting a victim from a legitimate website to a malicious one

8 / 36

Which of the following best describes how spear phishing operates according to the provided passage?

A. Spear phishing is a random attempt to gain unauthorized access to systems across different organizations.

B. Spear phishing relies on sending threatening emails to the victim’s organization.

C. In spear phishing, the threat actor impersonates trusted users within the company to make emails appear legitimate.

D. Spear phishing is a type of phishing where the attacker impersonates the victim.

9 / 36

What is one way attackers can perform a badge cloning attack?

A. By using a 3D printer to replicate the physical badge

B. By using specialized software and hardware

C. By hacking into the company’s database to download the badge design

D. By bribing security personnel to gain entry

10 / 36

What is pretexting in the context of social engineering attacks?

A. It’s a type of attack where the threat actor redirects a victim from a valid website to a malicious one

B. An attacker presents as someone else to gain access to information

C. It involves incorporating malicious ads on trusted websites

D. It’s a method where an attacker asks open-ended questions to learn about a victim’s viewpoints

11 / 36

How can one help mitigate SMS phishing attacks?

A. Clicking on links from unknown message senders

B. Clicking on the link in a random message about a problem with an Amazon order

C. Avoiding clicking on any links sent via text messages if not expected

D. Clicking on a link when a message says that there is a problem with a credit card transaction

12 / 36

What is the difference between piggybacking and tailgating in the context of social engineering?

A. Piggybacking requires the authorized person’s consent while tailgating does not.

B. Tailgating occurs in server rooms while piggybacking occurs in general areas.

C. Tailgating requires advanced technical skills but piggybacking does not.

D. Piggybacking involves multiple people, while tailgating involves one person.

13 / 36

What element does a social engineering attack primarily leverage?

A. The hardware in the network

B. The vulnerabilities in the software

C. The human users in the organization

D. The weaknesses in the network structure

14 / 36

What is the purpose of the Browser Exploitation Framework (BeEF)?

A. To redirect users to legitimate websites

B. To manipulate users by leveraging XSS vulnerabilities

C. To protect web applications from XSS and CSRF vulnerabilities

D. To test the robustness of session tokens on websites

15 / 36

What are the post-exploitation activities that the Social-Engineer Toolkit (SET) allows?

A. Spawning a Meterpreter shell, Windows reverse VNC DLL, reverse TCP shell

B. Installing a backdoor into the victim’s system

C. Hijacking the victim’s system

D. Writing an exploit for the victim’s system

16 / 36

Which of the following call spoofing tools is a legitimate voice over IP (VoIP) management tool that can also be used to impersonate caller ID?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

17 / 36

What is the definition of ’Social proof’ in the context of social engineering attacks?

A. Creating urgency or scarcity in a decision-making context.

B. Manipulating a person with fear to act promptly.

C. A psychological phenomenon in which an individual mimics the behavior of others due to uncertainty.

D. Social engineers ensuring that their appearance, behavior, and language are appealing and likable.

18 / 36

What are some of the actions that the Social-Engineer Toolkit (SET) can perform after a successful exploitation?

A. Spawn a command shell on the victim machine.

B. Launch a Windows Shell Bind_ TCP.

C. Create a Windows Meterpreter Reverse HTTPS.

D. All of the above

19 / 36

What is a key feature of the Social-Engineer Toolkit (SET) in the context of Spear-Phishing attack vectors?

A. SET can only be installed on Windows operating systems.

B. SET allows for integration with third-party tools and frameworks like Metasploit.

C. SET can only launch phishing attacks and no other type of social engineering attacks.

D. SET cannot generate a normal PDF with embedded EXE.

20 / 36

What can the Social-Engineer Toolkit (SET) be used for?

A. To launch numerous social engineering attacks

B. To generate passwords

C. To analyze code

D. To predict network traffic

21 / 36

Which of the following social engineering methods involves using the fear of losing out on an opportunity to manipulate the victim?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

22 / 36

Which among the following call spoofing tools is capable of generating different background noises and sending calls straight to voicemail during social engineering attacks?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

23 / 36

In the given email phishing example, why might the recipient be coaxed into disclosing their confidential information?

A. The email requests a payment confirmation

B. The email presents a familiar situation of delayed payments from the accounts department

C. The email includes an attachment that appears like a valid document

D. The email includes an MD5 Checksum

24 / 36

Which of the following is NOT a motivation technique/method of influence used by social engineers?

A. Authority

B. Sympathy

C. Scarcity and urgency

D. Social proof

25 / 36

Which of the following is an effective measure against dumpster diving?

A. Ignoring old storage media

B. Leaving documents in trash for extended periods

C. Storing sensitive documents safely and shredding when no longer required

D. Leaving recycling containers unattended

26 / 36

What is the main purpose of a Universal Serial Bus (USB) drop key attack?

A. To physically damage the computer system

B. To convince the user to enter their personal information

C. To convince the user to use lost USB drives and install malware on their system

D. To steal the user’s hardware equipment

27 / 36

What is the purpose of using the Social-Engineer Toolkit (SET) in a social engineering attack?

A. To decompile the application code

B. To protect the network from external attacks

C. To launch numerous social engineering attacks and integrate with other tools such as Metasploit

D. To repair the vulnerabilities in the system

28 / 36

Which of the following methods is NOT known to be used by social engineers as a form of manipulation?

A. Use of authority

B. Being unlikable

C. Use of fear

D. Creating scarcity and urgency

29 / 36

Which of the following call spoofing tools can be used to change your voice, record calls, generate different background noises, and send calls straight to voicemail?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. Turbulence

30 / 36

Which of the following statements about the Social-Engineer Toolkit (SET) is incorrect?

A. SET is installed by default in Kali Linux and Parrot Security

B. SET can be used to launch numerous social engineering attacks

C. SET can be used to create a spear phishing email

D. SET is incompatible with third-party tools and frameworks

31 / 36

Which social engineering influence technique involves manipulating the victim’s concern that a disadvantageous or harmful outcome may occur?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

32 / 36

What is the primary purpose of a watering hole attack in the context of a computer network?

A. To scan the network for any possible vulnerabilities

B. To profile users of specific organizations and gain a foothold in the network

C. To compromise a website by injecting JavaScript or other similar code

D. To redirect users to another website

33 / 36

What type of attack would a penetration tester simulate in order to evaluate an organization’s physical security measures?

A. Social Engineering Attack

B. DDoS Attack

C. SQL Injection

D. Physical Attack

34 / 36

What is Vishing?

A. Voice phishing through a phone conversation

B. An attack vector that uses malicious software

C. A physical intrusion of a secure location

D. A type of cyber attack using email services

35 / 36

What sets whaling apart from other phishing attacks?

A. It targets high-profile business executives and key individuals

B. It uses malware to compromise the victim’s system

C. It leverages emails designed to mimic banking warnings

D. It is used to collect sensitive information from victims

36 / 36

What is the method called when an attacker impersonates someone else in order to gain access to information?

A. Pharming

B. Pretexting

C. Malvertising

D. Elicitation

Your score is

Boost Your Skills with Free Anki Flashcards

Click the download button to get the CompTIA Pentest+ Anki deck.

Develop your understanding of social engineering attacks with our CompTIA PenTest+ Chapter 04 practice questions.

This chapter explores the psychology behind attacks, common techniques, and preventive measures.
Gaining expertise in social engineering is essential for a well-rounded cybersecurity skill set. Enhance your study with our free Anki decks.
For more information, visit CompTIA’s official page. Feel ready for the next challenge?

Proceed to Chapter 05: Exploiting Wired and Wireless Networks to continue your preparation.

4. Social Engineering Attacks

Press the Start button to begin the practice test.

Boost Your Skills with Free Anki Flashcards

Explore our other free practice tests:

Related Posts

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

The Affordable, Hands-On Cyber Security that gets Results!

JOIN OUR

NEWSLETTER