Free CompTIA PenTest+ PT0-002: 04 Social Engineering – Free Anki Decks

Ref:📕CompTIA PenTest+ PT0-002 Cert Guide (Certification Guide) 2nd Edition

PenTest+ (PT0-002) Chapter 04. Social Engineering Attacks

1 / 36

In the given email phishing example, why might the recipient be coaxed into disclosing their confidential information?

A. The email requests a payment confirmation

B. The email presents a familiar situation of delayed payments from the accounts department

C. The email includes an attachment that appears like a valid document

D. The email includes an MD5 Checksum

2 / 36

What type of attack would a penetration tester simulate in order to evaluate an organization’s physical security measures?

A. Social Engineering Attack

B. DDoS Attack

C. SQL Injection

D. Physical Attack

3 / 36

Which of the following call spoofing tools can be used to change your voice, record calls, generate different background noises, and send calls straight to voicemail?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. Turbulence

4 / 36

Which call spoofing tool can be used to generate different background noises?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

5 / 36

Which of the following social engineering methods involves using the fear of losing out on an opportunity to manipulate the victim?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

6 / 36

What are the post-exploitation activities that the Social-Engineer Toolkit (SET) allows?

A. Spawning a Meterpreter shell, Windows reverse VNC DLL, reverse TCP shell

B. Installing a backdoor into the victim’s system

C. Hijacking the victim’s system

D. Writing an exploit for the victim’s system

7 / 36

Which of the following is an effective measure against dumpster diving?

A. Ignoring old storage media

B. Leaving documents in trash for extended periods

C. Storing sensitive documents safely and shredding when no longer required

D. Leaving recycling containers unattended

8 / 36

Which of the following best describes how spear phishing operates according to the provided passage?

A. Spear phishing is a random attempt to gain unauthorized access to systems across different organizations.

B. Spear phishing relies on sending threatening emails to the victim’s organization.

C. In spear phishing, the threat actor impersonates trusted users within the company to make emails appear legitimate.

D. Spear phishing is a type of phishing where the attacker impersonates the victim.

9 / 36

What is the purpose of the Browser Exploitation Framework (BeEF)?

A. To redirect users to legitimate websites

B. To manipulate users by leveraging XSS vulnerabilities

C. To protect web applications from XSS and CSRF vulnerabilities

D. To test the robustness of session tokens on websites

10 / 36

What is the primary purpose of a watering hole attack in the context of a computer network?

A. To scan the network for any possible vulnerabilities

B. To profile users of specific organizations and gain a foothold in the network

C. To compromise a website by injecting JavaScript or other similar code

D. To redirect users to another website

11 / 36

What is a key feature of the Social-Engineer Toolkit (SET) in the context of Spear-Phishing attack vectors?

A. SET can only be installed on Windows operating systems.

B. SET allows for integration with third-party tools and frameworks like Metasploit.

C. SET can only launch phishing attacks and no other type of social engineering attacks.

D. SET cannot generate a normal PDF with embedded EXE.

12 / 36

What is pretexting in the context of social engineering attacks?

A. It’s a type of attack where the threat actor redirects a victim from a valid website to a malicious one

B. An attacker presents as someone else to gain access to information

C. It involves incorporating malicious ads on trusted websites

D. It’s a method where an attacker asks open-ended questions to learn about a victim’s viewpoints

13 / 36

What is Vishing?

A. Voice phishing through a phone conversation

B. An attack vector that uses malicious software

C. A physical intrusion of a secure location

D. A type of cyber attack using email services

14 / 36

What element does a social engineering attack primarily leverage?

A. The hardware in the network

B. The vulnerabilities in the software

C. The human users in the organization

D. The weaknesses in the network structure

15 / 36

How can one help mitigate SMS phishing attacks?

A. Clicking on links from unknown message senders

B. Clicking on the link in a random message about a problem with an Amazon order

C. Avoiding clicking on any links sent via text messages if not expected

D. Clicking on a link when a message says that there is a problem with a credit card transaction

16 / 36

What is the difference between piggybacking and tailgating in the context of social engineering?

A. Piggybacking requires the authorized person’s consent while tailgating does not.

B. Tailgating occurs in server rooms while piggybacking occurs in general areas.

C. Tailgating requires advanced technical skills but piggybacking does not.

D. Piggybacking involves multiple people, while tailgating involves one person.

17 / 36

What is the method called when an attacker impersonates someone else in order to gain access to information?

A. Pharming

B. Pretexting

C. Malvertising

D. Elicitation

18 / 36

What can the Social-Engineer Toolkit (SET) be used for?

A. To launch numerous social engineering attacks

B. To generate passwords

C. To analyze code

D. To predict network traffic

19 / 36

Which of the following statements about the Social-Engineer Toolkit (SET) is incorrect?

A. SET is installed by default in Kali Linux and Parrot Security

B. SET can be used to launch numerous social engineering attacks

C. SET can be used to create a spear phishing email

D. SET is incompatible with third-party tools and frameworks

20 / 36

Which option should be selected in the Social-Engineer Toolkit (SET) to generate a normal PDF with an embedded EXE for a social engineering attack?

A. Create a FileFormat Payload

B. Use built-in BLANK PDF for attack

C. Adobe PDF Embedded EXE Social Engineering

D. Windows Reverse TCP Shell

21 / 36

Which of the following methods is NOT known to be used by social engineers as a form of manipulation?

A. Use of authority

B. Being unlikable

C. Use of fear

D. Creating scarcity and urgency

22 / 36

Which of the following call spoofing tools is a legitimate voice over IP (VoIP) management tool that can also be used to impersonate caller ID?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

23 / 36

Which of the following is NOT a motivation technique/method of influence used by social engineers?

A. Authority

B. Sympathy

C. Scarcity and urgency

D. Social proof

24 / 36

Which among the following call spoofing tools is capable of generating different background noises and sending calls straight to voicemail during social engineering attacks?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

25 / 36

What sets whaling apart from other phishing attacks?

A. It targets high-profile business executives and key individuals

B. It uses malware to compromise the victim’s system

C. It leverages emails designed to mimic banking warnings

D. It is used to collect sensitive information from victims

26 / 36

What are some of the actions that the Social-Engineer Toolkit (SET) can perform after a successful exploitation?

A. Spawn a command shell on the victim machine.

B. Launch a Windows Shell Bind_ TCP.

C. Create a Windows Meterpreter Reverse HTTPS.

D. All of the above

27 / 36

Which social engineering influence technique involves manipulating the victim’s concern that a disadvantageous or harmful outcome may occur?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

28 / 36

Which of the following best describes the technique of pretexting in the context of social engineering attacks?

A. Asking loaded questions to elicit information from the victim

B. Monitoring the victim’s body language and voice for signs of discomfort

C. Impersonating a different individual or role to gain access to information

D. Redirecting a victim from a legitimate website to a malicious one

29 / 36

What is one way attackers can perform a badge cloning attack?

A. By using a 3D printer to replicate the physical badge

B. By using specialized software and hardware

C. By hacking into the company’s database to download the badge design

D. By bribing security personnel to gain entry

30 / 36

What is the main function of the Social-Engineer Toolkit (SET) in penetration testing?

A. To scan for open ports on a machine

B. To conduct social engineering attacks

C. To encrypt communication channels

D. To test server configurations

31 / 36

Which of the following prevention techniques is NOT effective against shoulder surfing social engineering attacks?

A. User awareness and training

B. Installing special screen filters for computer displays

C. Frequently changing passwords

D. Using small hidden cameras and microphones

32 / 36

Which technique/method does a social engineer use to make a person act promptly by playing with their fears?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

33 / 36

What is the purpose of using the Social-Engineer Toolkit (SET) in a social engineering attack?

A. To decompile the application code

B. To protect the network from external attacks

C. To launch numerous social engineering attacks and integrate with other tools such as Metasploit

D. To repair the vulnerabilities in the system

34 / 36

What is the definition of ’Social proof’ in the context of social engineering attacks?

A. Creating urgency or scarcity in a decision-making context.

B. Manipulating a person with fear to act promptly.

C. A psychological phenomenon in which an individual mimics the behavior of others due to uncertainty.

D. Social engineers ensuring that their appearance, behavior, and language are appealing and likable.

35 / 36

What is the main purpose of a Universal Serial Bus (USB) drop key attack?

A. To physically damage the computer system

B. To convince the user to enter their personal information

C. To convince the user to use lost USB drives and install malware on their system

D. To steal the user’s hardware equipment

36 / 36

Which of the following best describes the function of the Social-Engineer Toolkit (SET) in penetration testing?

A. It is only used for backing up system data before a penetration test.

B. It executes brute force attacks to test password strength.

C. It supports the creation and management of phishing emails and payloads.

D. It assists in network enumeration and scanning.

Your score is

Share the Post:

Previous slide

Next slide

Share the Post:

Develop your understanding of social engineering attacks with our CompTIA PenTest+ Chapter 04 practice questions.

This chapter explores the psychology behind attacks, common techniques, and preventive measures.
Gaining expertise in social engineering is essential for a well-rounded cybersecurity skill set. Enhance your study with our Free Anki decks.
For more information, visit CompTIA’s official page. Feel ready for the next challenge?

Proceed to Chapter 05: Exploiting Wired and Wireless Networks to continue your preparation.

Discover How to Work Remotely and Travel!
Have you ever dreamed about working from beautiful places like Thailand or Japan, but weren’t sure if it’s possible? I’m here to share my adventures and some tips on how to make working remotely while exploring the world a reality. Who Am I? My name is Josh, and I’m all about creating helpful content on […]
Why Contract Work in IT Can Be a Good Start for Your Career
Hey buddies! Are you curious about what it’s like to work in IT and cyber security? Well, you’re in luck because today we’re diving into the world of contract work and how it might just be the jumpstart your career needed! Getting Into the World of Contract Work in IT Josh, an expert in IT […]
Is Cyber Security a Career That Will Last Forever?
Hey everyone! Have you ever wondered if choosing a career in cyber security is a good idea for the long haul? Well, let’s dive into this topic with the help of Josh Maor’s insights, and find out why cyber security might just be one of the smartest career choices out there. What Is Cyber Security? […]

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.

Join Now!

Free CompTIA PenTest+ PT0-002: 04 Social Engineering – Free Anki Decks

Fill up to receive the FREE CompTIA PenTest+ deck!

Related Posts

Hands-onCybersecurity Training in a LIVE SOCwith Enterprise Security ToolsInternships Available.

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.