
Welcome to the Exploiting Physical and Social Vulnerabilities MCQs Page

Dive deep into the world of Exploiting Physical and Social Vulnerabilities with our set of Multiple-Choice Questions (MCQs). This page is dedicated to the fundamental concepts and details of Exploiting Physical and Social Vulnerabilities, a crucial domain of the CompTIA PenTest+ Certification Exam PT0-002. In this section you will encounter a range of MCQs that cover various aspects of the topic, from basic principles to advanced scenarios. Each question is written to challenge your knowledge and deepen your understanding of this subcategory of the CompTIA PenTest+ Certification Exam PT0-002.


Check out the MCQs below to work through Exploiting Physical and Social Vulnerabilities. Test your knowledge and solidify your grasp of this area of the CompTIA PenTest+ Certification Exam PT0-002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Exploiting Physical and Social Vulnerabilities. You can click on an option to test your knowledge before viewing the solution for an MCQ. Happy learning!

Exploiting Physical and Social Vulnerabilities MCQs | Page 6 of 7


Q51.
Frank receives a message to his cell phone from a phone number that appears to be from the IRS. When he answers, the caller tells him that he has past due taxes and is in legal trouble. What type of social engineering attack has Frank encountered?
Answer: (c) A vishing attack. Explanation: Frank has encountered a vishing attack, a type of attack conducted via phone that often relies on a perception of authority and urgency to acquire information from its targets. A spear phishing attack targets specific individuals or groups, and whaling attacks are aimed at VIPs; neither is indicated in the question. The attack is via voice, not SMS, ruling out that answer too.
Q52.
Emily wants to gather information about an organization but does not want to enter the building. What physical data gathering technique can she use to potentially gather business documents without entering the building?
Answer: (d) Dumpster diving. Explanation: Emily can try dumpster diving. An organization's trash can be a treasure trove of information about the organization, its staff, and its current operations, based on the documents and files that are thrown away. She might even discover entire PCs or discarded media!
Q53.
Cameron sends a phishing email to all of the administrative assistants in a company. What type of phishing attack is he conducting?
Answer: (d) Spear phishing. Explanation: Spear phishing is targeted at a specific population, in this case administrative assistants. Whaling targets VIPs, vishing is done via phone calls, and a watering hole attack leverages a frequently visited site or application.
Q54.
Which social engineering motivation technique relies on persuading the target that other people have behaved similarly and thus that they could too?
Answer: (c) Social proof. Explanation: Social proof relies on persuading individuals that they can behave in the way they believe others have. A social proof scenario might involve explaining to the target that sharing passwords is commonly done among employees in a specific circumstance, or that it is common practice to let other staff in through a secure door without an ID.
Q55.
Megan wants to clone an ID badge for the company that she is performing a penetration test against. Which of the following types of badge can be cloned without even touching it?
Answer: (c) RFID. Explanation: RFID badges are wireless, and because a basic proximity badge simply broadcasts a fixed identifier with no authentication, it can sometimes be read and cloned from distances of up to a few feet away. Magstripe cards must be swiped through a magnetic stripe reader, smartcards provide additional security (such as challenge-response authentication) that makes them difficult to clone, and Common Access Cards (CACs) are the U.S. government's smartcard implementation.
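Why the answer above draws the line where it does, as an added example that is not part of the original page: the 26-bit H10301 layout used by many low-frequency proximity badges is a published format (even parity, 8-bit facility code, 16-bit card number, odd parity), but the two door-reader models, the enrolled badge, and the HMAC key below are constructed for this illustration. A static-ID badge is cloned by replaying the exact bits a sniffer captured; a challenge-response card defeats the same replay because each door presents a fresh nonce.

```python
"""Static-ID proximity badge versus challenge-response smartcard (added example)."""
import hashlib
import hmac
import os


def encode_h10301(facility: int, card: int) -> int:
    """Build a 26-bit H10301 frame: even parity | 8-bit facility | 16-bit card | odd parity."""
    if not 0 <= facility < 256 or not 0 <= card < 65536:
        raise ValueError("facility must fit in 8 bits and card number in 16 bits")
    body = (facility << 16) | card  # the 24 data bits
    even = bin(body >> 12).count("1") & 1  # even parity over the high 12 data bits
    odd = 1 ^ (bin(body & 0xFFF).count("1") & 1)  # odd parity over the low 12 data bits
    return (even << 25) | (body << 1) | odd


def decode_h10301(frame: int):
    """Parse and parity-check a 26-bit frame; return (facility, card) or None if corrupt."""
    if frame >> 26:
        return None
    body = (frame >> 1) & 0xFFFFFF
    if (frame >> 25) & 1 != bin(body >> 12).count("1") & 1:
        return None
    if frame & 1 != 1 ^ (bin(body & 0xFFF).count("1") & 1):
        return None
    return body >> 16, body & 0xFFFF


class StaticIdReader:
    """Models a 125 kHz prox door reader: any frame carrying an enrolled ID opens the door."""

    def __init__(self, enrolled):
        self.enrolled = set(enrolled)

    def present(self, frame: int) -> bool:
        parsed = decode_h10301(frame)
        return parsed is not None and parsed in self.enrolled


class ChallengeResponseReader:
    """Models a smartcard door: the reader issues a fresh nonce and expects a keyed MAC over it."""

    def __init__(self, keys):
        self.keys = dict(keys)  # card id -> secret provisioned into the card's secure element

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, card_id: str, nonce: bytes, response: bytes) -> bool:
        key = self.keys.get(card_id)
        if key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def card_answer(key: bytes, nonce: bytes) -> bytes:
    """What a genuine smartcard computes; the key never leaves the card."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    """Return (static_clone_opens_door, replayed_response_opens_door)."""
    # Constructed enrollment data: facility code 42, card number 1001.
    prox_door = StaticIdReader([(42, 1001)])
    captured = encode_h10301(42, 1001)  # bits an attacker sniffed near the victim's pocket
    static_clone_works = prox_door.present(captured)  # replaying them is a perfect clone

    key = bytes(range(32))  # constructed key for the example
    smart_door = ChallengeResponseReader({"emp-1001": key})
    n1 = smart_door.challenge()
    r1 = card_answer(key, n1)  # attacker records this legitimate exchange
    assert smart_door.verify("emp-1001", n1, r1)
    n2 = smart_door.challenge()  # next visit: a different nonce
    replay_works = smart_door.verify("emp-1001", n2, r1)
    return static_clone_works, replay_works


if __name__ == "__main__":
    print(demo())
```

The parity bits are the only integrity check in the prox frame, and they exist to catch read errors, not attackers; an attacker who captures a valid frame already has valid parity. The smartcard model fails replay because the response is bound to a nonce the attacker cannot predict.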
Q56.
Allan wants to gain access to a target company’s premises but discovers that his original idea of jumping the fence probably isn’t practical. His new plan is to pretend to be a delivery person with a box that requires a personal signature from an employee. What technique is he using?
Answer: (b) Pretexting. Explanation: Allan is using a pretext to gain access to the organization. Claiming to be a delivery person who needs a specific signature may get him past the organization's initial security. He is not claiming particular authority, providing social proof that others allow him in, or claiming he is similar to the security guard or receptionist.
Q57.
Charles sends a phishing email to a target organization and includes the line "Only five respondents will receive a cash prize." Which social engineering motivation strategy is he using?
Answer: (a) Scarcity. Explanation: Scarcity can be a powerful motivator in a social engineering attempt. The email that Charles sent uses the limited number of cash prizes to motivate respondents. If he had added "the first five," he would also have targeted urgency, which is often paired with scarcity to provide additional motivation.
Q58.
Answer: (c) The target is made to feel indebted. Explanation: A quid pro quo attempt relies on the social engineer offering something of perceived value so that the target will feel indebted to them. The target is then asked to perform an action or otherwise do what the penetration tester wants them to do.
Q59.
Andrew knows that the employees at his target company frequently visit a football discussion site popular in the local area. As part of his penetration testing, he successfully places malware on the site and takes over multiple PCs belonging to employees. What type of attack has he used?
Answer: (d) A watering hole attack. Explanation: Andrew has used a watering hole attack, but he has also made what might be a critical mistake. Placing malware on a third-party site accessed by many people in the local area (or beyond!) is probably outside the scope of his engagement and is likely illegal. A better plan would have been to target a resource owned and operated by the company itself and accessed only by internal staff.
Q60.
Steve inadvertently sets off an alarm and is discovered by a security guard during an on-site penetration test. What should his first response be?
Answer: (c) Provide his pretext. Explanation: Once a penetration tester is caught, their first response should be to provide their pretext. A successful social engineering attempt at this point can salvage the penetration test. If that doesn't work, calling the organizational contact and producing the written authorization (the "get out of jail free" letter) may be the only option in a difficult situation.
