Free CompTIA PenTest+ PT0-002: 04 Social Engineering – Free Anki Decks

Ref:📕CompTIA PenTest+ PT0-002 Cert Guide (Certification Guide) 2nd Edition

PenTest+ (PT0-002) Chapter 04. Social Engineering Attacks

1 / 36

What are some of the actions that the Social-Engineer Toolkit (SET) can perform after a successful exploitation?

A. Spawn a command shell on the victim machine.

B. Launch a Windows Shell Bind_ TCP.

C. Create a Windows Meterpreter Reverse HTTPS.

D. All of the above

2 / 36

Which among the following call spoofing tools is capable of generating different background noises and sending calls straight to voicemail during social engineering attacks?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

3 / 36

What is the definition of ’Social proof’ in the context of social engineering attacks?

A. Creating urgency or scarcity in a decision-making context.

B. Manipulating a person with fear to act promptly.

C. A psychological phenomenon in which an individual mimics the behavior of others due to uncertainty.

D. Social engineers ensuring that their appearance, behavior, and language are appealing and likable.

4 / 36

Which social engineering influence technique involves manipulating the victim’s concern that a disadvantageous or harmful outcome may occur?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

5 / 36

What are the post-exploitation activities that the Social-Engineer Toolkit (SET) allows?

A. Spawning a Meterpreter shell, Windows reverse VNC DLL, reverse TCP shell

B. Installing a backdoor into the victim’s system

C. Hijacking the victim’s system

D. Writing an exploit for the victim’s system

6 / 36

What is the main purpose of a Universal Serial Bus (USB) drop key attack?

A. To physically damage the computer system

B. To convince the user to enter their personal information

C. To convince the user to use lost USB drives and install malware on their system

D. To steal the user’s hardware equipment

7 / 36

Which of the following is an effective measure against dumpster diving?

A. Ignoring old storage media

B. Leaving documents in trash for extended periods

C. Storing sensitive documents safely and shredding when no longer required

D. Leaving recycling containers unattended

8 / 36

What is one way attackers can perform a badge cloning attack?

A. By using a 3D printer to replicate the physical badge

B. By using specialized software and hardware

C. By hacking into the company’s database to download the badge design

D. By bribing security personnel to gain entry

9 / 36

How can one help mitigate SMS phishing attacks?

A. Clicking on links from unknown message senders

B. Clicking on the link in a random message about a problem with an Amazon order

C. Avoiding clicking on any links sent via text messages if not expected

D. Clicking on a link when a message says that there is a problem with a credit card transaction

10 / 36

What can the Social-Engineer Toolkit (SET) be used for?

A. To launch numerous social engineering attacks

B. To generate passwords

C. To analyze code

D. To predict network traffic

11 / 36

Which call spoofing tool can be used to generate different background noises?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

12 / 36

What is the method called when an attacker impersonates someone else in order to gain access to information?

A. Pharming

B. Pretexting

C. Malvertising

D. Elicitation

13 / 36

What is a key feature of the Social-Engineer Toolkit (SET) in the context of Spear-Phishing attack vectors?

A. SET can only be installed on Windows operating systems.

B. SET allows for integration with third-party tools and frameworks like Metasploit.

C. SET can only launch phishing attacks and no other type of social engineering attacks.

D. SET cannot generate a normal PDF with embedded EXE.

14 / 36

Which of the following prevention techniques is NOT effective against shoulder surfing social engineering attacks?

A. User awareness and training

B. Installing special screen filters for computer displays

C. Frequently changing passwords

D. Using small hidden cameras and microphones

15 / 36

Which of the following best describes the function of the Social-Engineer Toolkit (SET) in penetration testing?

A. It is only used for backing up system data before a penetration test.

B. It executes brute force attacks to test password strength.

C. It supports the creation and management of phishing emails and payloads.

D. It assists in network enumeration and scanning.

16 / 36

Which of the following call spoofing tools is a legitimate voice over IP (VoIP) management tool that can also be used to impersonate caller ID?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. None of the above

17 / 36

What is the primary purpose of a watering hole attack in the context of a computer network?

A. To scan the network for any possible vulnerabilities

B. To profile users of specific organizations and gain a foothold in the network

C. To compromise a website by injecting JavaScript or other similar code

D. To redirect users to another website

18 / 36

Which of the following is NOT a motivation technique/method of influence used by social engineers?

A. Authority

B. Sympathy

C. Scarcity and urgency

D. Social proof

19 / 36

What is the difference between piggybacking and tailgating in the context of social engineering?

A. Piggybacking requires the authorized person’s consent while tailgating does not.

B. Tailgating occurs in server rooms while piggybacking occurs in general areas.

C. Tailgating requires advanced technical skills but piggybacking does not.

D. Piggybacking involves multiple people, while tailgating involves one person.

20 / 36

What type of attack would a penetration tester simulate in order to evaluate an organization’s physical security measures?

A. Social Engineering Attack

B. DDoS Attack

C. SQL Injection

D. Physical Attack

21 / 36

Which of the following call spoofing tools can be used to change your voice, record calls, generate different background noises, and send calls straight to voicemail?

A. SpoofApp

B. SpoofCard

C. Asterisk

D. Turbulence

22 / 36

Which of the following social engineering methods involves using the fear of losing out on an opportunity to manipulate the victim?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

23 / 36

What sets whaling apart from other phishing attacks?

A. It targets high-profile business executives and key individuals

B. It uses malware to compromise the victim’s system

C. It leverages emails designed to mimic banking warnings

D. It is used to collect sensitive information from victims

24 / 36

Which technique/method does a social engineer use to make a person act promptly by playing with their fears?

A. Authority

B. Scarcity and urgency

C. Social proof

D. Fear

25 / 36

What is the purpose of the Browser Exploitation Framework (BeEF)?

A. To redirect users to legitimate websites

B. To manipulate users by leveraging XSS vulnerabilities

C. To protect web applications from XSS and CSRF vulnerabilities

D. To test the robustness of session tokens on websites

26 / 36

What element does a social engineering attack primarily leverage?

A. The hardware in the network

B. The vulnerabilities in the software

C. The human users in the organization

D. The weaknesses in the network structure

27 / 36

Which of the following best describes the technique of pretexting in the context of social engineering attacks?

A. Asking loaded questions to elicit information from the victim

B. Monitoring the victim’s body language and voice for signs of discomfort

C. Impersonating a different individual or role to gain access to information

D. Redirecting a victim from a legitimate website to a malicious one

28 / 36

What is the main function of the Social-Engineer Toolkit (SET) in penetration testing?

A. To scan for open ports on a machine

B. To conduct social engineering attacks

C. To encrypt communication channels

D. To test server configurations

29 / 36

Which of the following best describes how spear phishing operates according to the provided passage?

A. Spear phishing is a random attempt to gain unauthorized access to systems across different organizations.

B. Spear phishing relies on sending threatening emails to the victim’s organization.

C. In spear phishing, the threat actor impersonates trusted users within the company to make emails appear legitimate.

D. Spear phishing is a type of phishing where the attacker impersonates the victim.

30 / 36

Which option should be selected in the Social-Engineer Toolkit (SET) to generate a normal PDF with an embedded EXE for a social engineering attack?

A. Create a FileFormat Payload

B. Use built-in BLANK PDF for attack

C. Adobe PDF Embedded EXE Social Engineering

D. Windows Reverse TCP Shell

31 / 36

What is Vishing?

A. Voice phishing through a phone conversation

B. An attack vector that uses malicious software

C. A physical intrusion of a secure location

D. A type of cyber attack using email services

32 / 36

Which of the following methods is NOT known to be used by social engineers as a form of manipulation?

A. Use of authority

B. Being unlikable

C. Use of fear

D. Creating scarcity and urgency

33 / 36

What is the purpose of using the Social-Engineer Toolkit (SET) in a social engineering attack?

A. To decompile the application code

B. To protect the network from external attacks

C. To launch numerous social engineering attacks and integrate with other tools such as Metasploit

D. To repair the vulnerabilities in the system

34 / 36

What is pretexting in the context of social engineering attacks?

A. It’s a type of attack where the threat actor redirects a victim from a valid website to a malicious one

B. An attacker presents as someone else to gain access to information

C. It involves incorporating malicious ads on trusted websites

D. It’s a method where an attacker asks open-ended questions to learn about a victim’s viewpoints

35 / 36

Which of the following statements about the Social-Engineer Toolkit (SET) is incorrect?

A. SET is installed by default in Kali Linux and Parrot Security

B. SET can be used to launch numerous social engineering attacks

C. SET can be used to create a spear phishing email

D. SET is incompatible with third-party tools and frameworks

36 / 36

In the given email phishing example, why might the recipient be coaxed into disclosing their confidential information?

A. The email requests a payment confirmation

B. The email presents a familiar situation of delayed payments from the accounts department

C. The email includes an attachment that appears like a valid document

D. The email includes an MD5 Checksum

Your score is

Share the Post:

Download Your FREE CompTIA PenTest+(PT0-002) Anki Deck!

Email issues? [ [email protected] ]

Share the Post:

Develop your understanding of social engineering attacks with our CompTIA PenTest+ Chapter 04 practice questions.

This chapter explores the psychology behind attacks, common techniques, and preventive measures.
Gaining expertise in social engineering is essential for a well-rounded cybersecurity skill set. Enhance your study with our Free Anki decks.
For more information, visit CompTIA’s official page. Feel ready for the next challenge?

Proceed to Chapter 05: Exploiting Wired and Wireless Networks to continue your preparation.

WGU Master’s Degree Rankings 2026 | I Asked 3 AIs 300 Times to Find the Best One
Table of Contents Which WGU Master’s Degree Is Actually Worth It? If you’re considering a master’s degree from WGU and can’t figure out which program to choose — cybersecurity, software engineering, AI/ML, data analytics — you’re not alone. The options are overwhelming, and most comparisons online are either outdated or purely opinion-based. So here’s a […]
How I Made $1.3 Million in Cybersecurity (With Exact Revenue Numbers)
Table of Contents If you’re stuck at $50K–$100K and wondering, “How the hell do people make seven figures?” this is for you.I’m Josh Madakor. In 2025, I made $1.3 million in cybersecurity. Not from a corporate job. Not from VC funding. And definitely not from selling a bullshit course.In this article, I’ll break down everything: […]
The Best Laptops for Cyber Security in 2026: Stop Over-Analyzing, Start Building
Table of Contents Let’s be real: most people think that to get into cyber security, you need to be a “super elite hacker” running 10 different virtual machines on a glowing, heavy-duty gaming laptop. Spoiler alert: That’s just not how the industry works. I’ve spent years in roles ranging from Senior Analyst to Security Engineer, […]

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.

Join Now!

Free CompTIA PenTest+ PT0-002: 04 Social Engineering – Free Anki Decks

Download Your FREE CompTIA PenTest+(PT0-002) Anki Deck!

Related Posts

Hands-onCybersecurity Training in a LIVE SOCwith Enterprise Security ToolsInternships Available.

Hands-on
Cybersecurity Training
in a LIVE SOC
with Enterprise Security Tools

Internships Available.