Assignment: Social Engineering Attacks
Multiple Choice Questions (MCQs)
Q1: What is the main goal of a social engineering attack?
(a) Exploit system vulnerabilities
(b) Manipulate people into revealing confidential information
(c) Infect systems with malware
(d) Brute force user passwords
Ans: (b) Manipulate people into revealing confidential information
Q2: Which of the following is a common type of phishing attack?
(a) SQL Injection
(b) Spear Phishing
(c) Port Scanning
(d) Buffer Overflow
Ans: (b) Spear Phishing
Q3: What is the primary difference between phishing and spear phishing?
(a) Phishing targets individuals, while spear phishing targets large groups
(b) Spear phishing is more personalized and targets specific individuals
(c) Phishing uses email, while spear phishing only uses phone calls
(d) Spear phishing is automated, while phishing is manual
Ans: (b) Spear phishing is more personalized and targets specific individuals
Q4: What type of attack involves an attacker posing as a trusted entity to gather sensitive data?
(a) Phishing
(b) Ransomware
(c) DDoS
(d) Keylogging
Ans: (a) Phishing
Q5: Which of the following is an example of baiting?
(a) A fake login page designed to steal credentials
(b) A USB drive left in a public place containing malware
(c) A website that encrypts user files for ransom
(d) A brute force attack on a password-protected account
Ans: (b) A USB drive left in a public place containing malware
Q6: What is the primary objective of tailgating in social engineering?
(a) To physically gain access to restricted areas
(b) To track an individual’s location
(c) To manipulate software vulnerabilities
(d) To encrypt user data
Ans: (a) To physically gain access to restricted areas
Q7: What social engineering technique involves pretending to be a trusted authority to obtain information?
(a) Pretexting
(b) Baiting
(c) Quid pro quo
(d) Smishing
Ans: (a) Pretexting
Q8: Which attack method uses SMS messages to trick victims into revealing sensitive data?
(a) Vishing
(b) Smishing
(c) Pharming
(d) Tailgating
Ans: (b) Smishing
Q9: Which of the following is an effective way to prevent social engineering attacks?
(a) Using strong passwords
(b) Regular security awareness training
(c) Installing a firewall
(d) Running regular antivirus scans
Ans: (b) Regular security awareness training
Q10: What technique involves tricking an employee into resetting their password and sharing it with the attacker?
(a) Shoulder surfing
(b) Quid pro quo
(c) Phishing
(d) Pretexting
Ans: (b) Quid pro quo
Fill in the Blanks
Q1: ________ is a type of attack where an attacker leaves a malware-infected USB drive in a public place.
Ans: Baiting
Q2: The act of tricking people into revealing their passwords over the phone is called ________.
Ans: Vishing
Q3: ________ is a social engineering technique that involves following an authorized person into a restricted area.
Ans: Tailgating
Q4: Spear phishing is a ________ targeted attack that appears to come from a trusted source.
Ans: Highly personalized
Q5: ________ is a technique where attackers impersonate a trusted authority to extract sensitive information.
Ans: Pretexting
True/False
1. Phishing attacks can only be carried out via email.
Ans: False
2. Social engineering exploits human psychology rather than technical vulnerabilities.
Ans: True
3. Tailgating is when an attacker gains unauthorized access to a system remotely.
Ans: False
4. Multi-factor authentication can help reduce the risk of social engineering attacks.
Ans: True
5. Security awareness training can prevent most social engineering attacks.
Ans: True
HOTS (Higher Order Thinking Skills) Questions
Q1: An employee receives an urgent email from their CEO asking for login credentials. What steps should they take before responding?
Ans: Verify the sender’s email, check for spelling errors, confirm with the CEO via another communication method, and report the email to IT.
Q2: You suspect a phishing attack in your organization. How would you investigate and prevent further damage?
Ans: Analyze email headers, check links for suspicious domains, educate employees, and implement email filtering solutions.
Q3: A security team finds a USB drive labeled “Company Bonuses” in the parking lot. What should they do?
Ans: Do not plug it into any system, report it to the IT department, and analyze it in a controlled environment using a sandbox.
Q4: An attacker impersonates an IT support technician and calls an employee asking for their password. How should the employee respond?
Ans: Refuse to provide any credentials, verify the caller’s identity through official channels, and report the incident to IT security.
Q5: A company wants to test its employees' resistance to social engineering attacks. What measures can be taken?
Ans: Conduct simulated phishing attacks, provide training, implement strict access controls, and enforce a policy against sharing sensitive information.
Hands-on Coding Questions
Q1: Write a Python script that detects suspicious email domains commonly used in phishing attacks.
Ans:
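# Domains treated as suspicious in this exercise
phishing_domains = ["mail.com", "secure-login.com", "bank-update.com"]
email = input("Enter sender email: ")
# Take the part after the last '@'; domain names are case-insensitive, so normalise before comparing
domain = email.strip().split('@')[-1].lower()
if domain in phishing_domains:
    print("Warning: Suspicious email domain detected!")
else:
    print("Email domain appears safe.")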
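The header analysis from HOTS Q2 and the domain check from Q1 above, combined in an added example that is not part of the original assignment. It goes beyond the exact-match answer by parsing display-name addresses, matching subdomains of listed domains, and flagging a Reply-To domain that differs from the From domain; the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Same list as the exercise answer; sample data, not a real blocklist.
PHISHING_DOMAINS = {"mail.com", "secure-login.com", "bank-update.com"}


def sender_domain(header_value):
    """Return the lower-cased domain of an address header, or '' if unparsable."""
    _, addr = parseaddr(header_value or "")
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def is_listed(domain):
    """True if the domain or any of its parent domains is on the list."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in PHISHING_DOMAINS for i in range(len(labels)))


def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = sender_domain(msg.get("From"))
    reply_dom = sender_domain(msg.get("Reply-To"))
    if not from_dom:
        findings.append("unparsable From address")
    elif is_listed(from_dom):
        findings.append(f"From domain on list: {from_dom}")
    # Replies silently redirected to another domain are a common phishing trait.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain differs: {reply_dom}")
    return findings


# Constructed sample message (not real traffic).
SAMPLE = (
    'From: "IT Support" <helpdesk@Login.Secure-Login.com>\n'
    "Reply-To: it-support@bank-update.com\n"
    "Subject: Password reset required\n"
    "\n"
    "Please confirm your account.\n"
)

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

An empty findings list only means none of these three checks fired; it is not a verdict that the message is legitimate.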
Q2: Create a Bash script that logs failed login attempts to detect potential social engineering attacks.
Ans:
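#!/bin/bash
# Collect failed password attempts from the auth log
# (Debian/Ubuntu path; reading it usually requires root)
echo "Monitoring failed login attempts..."
grep "Failed password" /var/log/auth.log > failed_logins.log
echo "Check failed_logins.log for details."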