Q. Susan calls staff at the company she has been contracted to conduct a phishing campaign against, focusing on individuals in the finance department. Over a few days, she persuades an employee to send a wire transfer to an account she has set up after telling the employee that she has let their boss know how talented they are. What motivation technique has she used?

View solution

Q. A USB key drop is an example of what type of technique?

View solution

Q. Steve inadvertently sets off an alarm and is discovered by a security guard during an on-site penetration test. What should his first response be?

View solution

Q. Andrew knows that the employees at his target company frequently visit a football discussion site popular in the local area. As part of his penetration testing, he successfully places malware on the site and takes over multiple PCs belonging to employees. What type of attack has he used?

View solution

Q. What occurs during a quid pro quo social engineering attempt?

View solution

Q. Charles sends a phishing email to a target organization and includes the line “Only five respondents will receive a cash prize.” Which social engineering motivation strategy is he using?

View solution

Q. Allan wants to gain access to a target company’s premises but discovers that his original idea of jumping the fence probably isn’t practical. His new plan is to pretend to be a delivery person with a box that requires a personal signature from an employee. What technique is he using?

View solution

Q. Megan wants to clone an ID badge for the company that she is performing a penetration test against. Which of the following types of badge can be cloned without even touching it?

View solution

Q. Which social engineering motivation technique relies on persuading the target that other people have behaved similarly and thus that they could too?

View solution

Q. Cameron sends a phishing email to all of the administrative assistants in a company. What type of phishing attack is he conducting?

View solution

Q. Emily wants to gather information about an organization but does not want to enter the building. What physical data gathering technique can she use to potentially gather business documents without entering the building?

View solution

Q. Frank receives a message to his cell phone from a phone number that appears to be from the IRS. When he answers, the caller tells him that he has past due taxes and is in legal trouble. What type of social engineering attack has Frank encountered?

View solution

Q. Chris sends a phishing email specifically to Susan, the CEO at his target company. What type of phishing attack is he conducting?

View solution

Q. Jen has been contracted to perform a penetration test against Flamingo, Inc. As part of her penetration test, she has been asked to conduct a phishing campaign and to use the results of that campaign to gain access to Flamingo systems and networks. The scope of the penetration test does not include a physical penetration test, so Jen must work entirely remotely.
After attempting to lure employees at Flamingo, Inc., to fall for a phishing campaign, Jen finds that she hasn’t acquired any useful credentials. She decides to try a USB key drop. Which of the following Social-Engineer Toolkit modules should she select to help her succeed?

View solution

Q. Jen has been contracted to perform a penetration test against Flamingo, Inc. As part of her penetration test, she has been asked to conduct a phishing campaign and to use the results of that campaign to gain access to Flamingo systems and networks. The scope of the penetration test does not include a physical penetration test, so Jen must work entirely remotely.
Jen wants to deploy a malicious website as part of her penetration testing attempt so that she can exploit browsers belonging to employees. What framework is best suited to this?

View solution

Q. Jen has been contracted to perform a penetration test against Flamingo, Inc. As part of her penetration test, she has been asked to conduct a phishing campaign and to use the results of that campaign to gain access to Flamingo systems and networks. The scope of the penetration test does not include a physical penetration test, so Jen must work entirely remotely.
Jen wants to send a phishing message to employees at the company. She wants to learn the user IDs of various targets in the company and decides to call them using a spoofed VoIP phone number similar to those used inside the company. Once she reaches her targets, she pretends to be an administrative assistant working with one of Flamingo’s senior executives and asks her targets for their email account information. What type of social engineering is this?

View solution

Q. Which of the following technologies is most resistant to badge cloning attacks if implemented properly?

View solution

Q. Mike wants to enter an organization’s high-security data center. Which of the following techniques is most likely to stop his tailgating attempt?

View solution

Q. Cynthia wants to use a phishing attack to acquire credentials belonging to the senior leadership of her target. What type of phishing attack should she use?

View solution

Q. What do vishing, smishing, whaling, and spear phishing have in common?

View solution