Welcome to the Exploiting Physical and Social Vulnerabilities MCQs Page

Dive deep into the fascinating world of Exploiting Physical and Social Vulnerabilities with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Exploiting Physical and Social Vulnerabilities, a crucial aspect of the CompTIA PenTest+ Certification Exam PT0-002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Exploiting Physical and Social Vulnerabilities, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within the CompTIA PenTest+ Certification Exam PT0-002.

Check out the MCQs below to embark on an enriching journey through Exploiting Physical and Social Vulnerabilities. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of the CompTIA PenTest+ Certification Exam PT0-002.

Exploiting Physical and Social Vulnerabilities MCQs | Page 5 of 7

Answer: (a). Building perceived trust, making the target feel indebted, persuading the target of authority, creating a sense of urgency, scarcity, or fear, feeling of likeness or similarity, and social proof
Explanation: Common motivating factors in social engineering include building perceived trust, making the target feel indebted, persuading the target of authority, creating a sense of urgency, scarcity, or fear, feeling of likeness or similarity, and social proof.
Q42.
What do toolkits like the Social Engineering Toolkit (SET) and the Browser Exploitation Framework (BeEF) leverage in penetration testing?
Answer: (c). Human weaknesses and social engineering techniques
Explanation: Toolkits like the Social Engineering Toolkit (SET) and the Browser Exploitation Framework (BeEF) leverage human weaknesses and match social engineering techniques with technical means in penetration testing.
Q43.
What do vishing, smishing, whaling, and spear phishing have in common?
Answer: (c). Social engineering techniques for phishing
Explanation: Vishing, smishing, whaling, and spear phishing are all social engineering techniques for phishing, typically targeting information like usernames, passwords, etc.
Q44.
Cynthia wants to use a phishing attack to acquire credentials belonging to the senior leadership of her target. What type of phishing attack should she use?
Answer: (c). Whaling
Explanation: Whaling is a specialized form of phishing that targets important leaders and senior staff. If Cynthia was specifically targeting individuals, it would be spear phishing. Smishing uses SMS messages.
Q45.
Mike wants to enter an organization’s high-security data center. Which of the following techniques is most likely to stop his tailgating attempt?
Answer: (b). A security vestibule
Explanation: A security vestibule allows only one individual through at a time, with doors at either end that unlock and open one at a time. It will prevent most piggybacking or tailgating behavior unless employees are willfully negligent.
Q46.
Which of the following technologies is most resistant to badge cloning attacks if implemented properly?
Answer: (d). Smartcards
Explanation: Most organizations continue to use RFID or magnetic stripe technology for entry access cards, making a penetration tester’s job easier, since both technologies can be cloned. Smartcards are far more difficult to clone if implemented properly.
Q47.
Jen has been contracted to perform a penetration test against Flamingo, Inc. As part of her penetration test, she has been asked to conduct a phishing campaign and to use the results of that campaign to gain access to Flamingo systems and networks. The scope of the penetration test does not include a physical penetration test, so Jen must work entirely remotely.
Jen wants to send a phishing message to employees at the company. She wants to learn the user IDs of various targets in the company and decides to call them using a spoofed VoIP phone number similar to those used inside the company. Once she reaches her targets, she pretends to be an administrative assistant working with one of Flamingo’s senior executives and asks her targets for their email account information. What type of social engineering is this?
Answer: (a). Impersonation
Explanation: Jen is impersonating an administrative assistant. Interrogation techniques are more aggressive and run the risk of making the target defensive or aware they are being interrogated. Shoulder surfing is the process of looking over a person’s shoulder to acquire information, and administrivia isn’t a penetration testing term.
Q48.
Jen has been contracted to perform a penetration test against Flamingo, Inc. As part of her penetration test, she has been asked to conduct a phishing campaign and to use the results of that campaign to gain access to Flamingo systems and networks. The scope of the penetration test does not include a physical penetration test, so Jen must work entirely remotely.
Jen wants to deploy a malicious website as part of her penetration testing attempt so that she can exploit browsers belonging to employees. What framework is best suited to this?
Answer: (b). BeEF
Explanation: The Browser Exploitation Framework, or BeEF, is specifically designed for this type of attack. Jen can use it to easily deploy browser exploit tools to a malicious website and can then use various phishing and social engineering techniques to get Flamingo employees to visit the site.
Q49.
Jen has been contracted to perform a penetration test against Flamingo, Inc. As part of her penetration test, she has been asked to conduct a phishing campaign and to use the results of that campaign to gain access to Flamingo systems and networks. The scope of the penetration test does not include a physical penetration test, so Jen must work entirely remotely.
After attempting to lure employees at Flamingo, Inc., to fall for a phishing campaign, Jen finds that she hasn’t acquired any useful credentials. She decides to try a USB key drop. Which of the following Social-Engineer Toolkit modules should she select to help her succeed?
Answer: (b). The Infectious Media Generator
Explanation: Jen should use the infectious media generator tool, which is designed to create thumb drives and other media that can be dropped on-site for employees to pick up. The Teensy USB HID attack module may be a tempting answer, but it is designed to make a Teensy (a tiny computer much like an Arduino) act like a keyboard or other human interface device rather than to create infected media. Creating a website attack or a mass mailer attack isn’t part of a USB key drop.
Q50.
Chris sends a phishing email specifically to Susan, the CEO at his target company. What type of phishing attack is he conducting?
Answer: (b). Spear phishing
Explanation: Chris is conducting a spear phishing attack. Spear phishing attacks target specific individuals. If Chris was targeting a group of important individuals, this might be a whaling attack instead.