
Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: WHITMAN, Michael.
Chapter 11: Security Maintenance
Section: Chapter Questions
Problem 4E
Question

1. What is an example of the authority social engineering motivation technique?

Question options:

a. A pen tester sends an SMS text stating that those who fail to click the link and complete a survey will be fired.

b. A pen tester sends a spear phishing email praising how great a specific program works and convinces the victim to install it because everyone else is using it.

c. A pen tester calls the IT helpdesk posing as a senior executive requesting a password be set to "L3tm3!nN".

d. A pen tester sends a phishing email stating that a limited number of free installs for a software program exist and to act now while supplies last.

2. What is shoulder surfing?

Question options:

a. Leaving a physical media device in a location where someone else might pick it up and use it

b. Slipping in through a secure area while following an authorized employee

c. Observing a target's behavior without the target noticing

d. Exploiting the typing mistakes that users may make when attempting to navigate to a website

3. What is badge cloning?

Question options:

a. The act of copying authentication data from one RFID microchip to another

b. The act of bypassing a lock using a lock pick set and a torsion wrench.

c. A system that detects infrared emissions from the human body

d. A standard for identifying and keeping track of objects' physical locations through the use of radio waves

4. Which of the following is the difference between impersonation and elicitation?

Question options:

a. Elicitation is the process of acting like an IT employee to gain access to a server room.

b. Impersonation is the process of gathering information from employees.

c. Elicitation is the process of collecting or acquiring data from human beings.

d. Impersonation is the sending of surveys to collect data from a group of employees.

5. Which statement reflects a legitimate benefit of phishing?
 
Question options:

a. Use spear phishing because someone will likely click a malicious link if a generic email is sent to every user.

b. Use voice phishing because people tend to place more trust in those they can have a real-time conversation with.

c. Use SMS phishing because smartphones tend to have trusted access to company trade secrets.

d. Use whaling because the largest number of people can be reached by mass email.

6. An IT director reads about a new form of malware that targets a system widely utilized in the company's network. The director wants to discover whether the network has been targeted, but also wants to conduct the scan without disrupting company operations or tipping off potential attackers to the investigation. Evaluate vulnerability scanning techniques and determine the best tool for the investigation.

Question options:

a. Configuration review

b. Credentialed scan

c. Threat hunting

d. Penetration testing

7. Considering a Data Breach versus Data Exfiltration, a Data Breach is never intentional, whereas Data Exfiltration is always intentional.

Question options:
a. True

b. False

8. A system administrator must scan the company's web-based application to identify which ports are open and which operating system can be seen from the outside world. Determine the syntax that should be used to yield the desired information if the administrator will be executing this task from a Linux command line.

Question options:

a. netstat -a

b. nmap -O webapp.company.com

c. nmap -sS 10.1.0.0/24

d. netstat -n

 
