Q. What is the main aim of phishing attempts?

View solution

Q. What is a watering hole attack in the context of web-based social engineering?

View solution

Q. What is the purpose of combining social engineering techniques with technical tools in penetration testing?

View solution

Q. Which tool is a menu-driven social engineering attack system that provides spear phishing, website, infectious media, and other attack vectors?

View solution

Q. What is SET (Social Engineering Toolkit) integrated with to generate payloads?

View solution

Q. Which penetration testing tool is designed to allow exploitation of web browsers?

View solution

Q. What information does BeEF provide about the connected browser?

View solution

Q. What does BeEF allow penetration testers to do inside a hooked browser?

View solution

Q. What is the purpose of caller ID and VoIP call spoofing tools in penetration testing?

View solution

Q. What advantage does physical access provide in penetration testing that isn't available in remote network-based assessments?

View solution

Q. What is one technique for gaining physical access to facilities in penetration testing?

View solution

Q. What is social engineering in the context of penetration testing?

View solution

Q. What are some common motivating factors relied upon in social engineering?

View solution

Q. What do toolkits like the Social Engineering Toolkit (SET) and the Browser Exploitation Framework (BeEF) leverage in penetration testing?

View solution

Q. What do vishing, smishing, whaling, and spear phishing have in common?

View solution

Q. Cynthia wants to use a phishing attack to acquire credentials belonging to the senior leadership of her target. What type of phishing attack should she use?

View solution

Q. Mike wants to enter an organization’s high-security data center. Which of the following techniques is most likely to stop his tailgating attempt?

View solution

Q. Which of the following technologies is most resistant to badge cloning attacks if implemented properly?

View solution

Q. Jen has been contracted to perform a penetration test against Flamingo, Inc. As part of her penetration test, she has been asked to conduct a phishing campaign and to use the results of that campaign to gain access to Flamingo systems and networks. The scope of the penetration test does not include a physical penetration test, so Jen must work entirely remotely.
Jen wants to send a phishing message to employees at the company. She wants to learn the user IDs of various targets in the company and decides to call them using a spoofed VoIP phone number similar to those used inside the company. Once she reaches her targets, she pretends to be an administrative assistant working with one of Flamingo’s senior executives and asks her targets for their email account information. What type of social engineering is this?

View solution

Q. Jen has been contracted to perform a penetration test against Flamingo, Inc. As part of her penetration test, she has been asked to conduct a phishing campaign and to use the results of that campaign to gain access to Flamingo systems and networks. The scope of the penetration test does not include a physical penetration test, so Jen must work entirely remotely.
Jen wants to deploy a malicious website as part of her penetration testing attempt so that she can exploit browsers belonging to employees. What framework is best suited to this?

View solution