Cyber Security Questions and Answers – Social Engineering and Physical Hacking. This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Social Engineering and Physical Hacking”.
1. ___________ is a special form of attack using which hackers’ exploit – human psychology.
a) Cross Site Scripting
b) Insecure network
c) Social Engineering
d) Reverse Engineering
Explanation: Using social engineering techniques, hackers try to exploit the victim’s mind to gain valuable information about that person such as his/her phone number, date of birth, pet name, etc.
2. Which of the following do not comes under Social Engineering?
Explanation: Spamming is the attack technique where the same message is sent indiscriminately repeatedly in order to overload the inbox or harm the user.
3. _________ involves scams where an individual (usually an attacker) lie to a person (the target victim) to acquire privilege data.
Explanation: In the pretexting technique of social engineering, the attacker pretends in need of legitimate information from the victim for confirming his/her identity.
4. Which of the following is the technique used to look for information in trash or around dustbin container?
c) Quid Pro Quo
d) Dumpster diving
Explanation: In the technology world, where information about a person seems everywhere; dumpster diving is the name of the technique where the attacker looks for information in dustbins and trashes. For example, after withdrawing money from ATM, the user usually throw the receipt in which the total amount and account details are mentioned. This type of information becomes helpful to a hacker, for which they use dumpster diving.
5. Which of the following is not an example of social engineering?
a) Dumpster diving
b) Shoulder surfing
d) Spear phishing
Explanation: Carding is the method of trafficking bank details, credit cards, or other financial information over the internet. Hence it’s a fraudulent technique used by hackers and does not come under social engineering.
6. In phishing, attackers target the ________ technology to so social engineering.
b) WI-FI network
c) Operating systems
d) Surveillance camera
Explanation: In a phishing attack, the attacker fraudulently attempts to obtain sensitive data (such as username & passwords) of the target user and uses emails to send fake links which redirect them to a fake webpage that looks legitimate.
7. Tailgating is also termed as ___________
Explanation: Piggybacking is the technique used for social engineering, as the attacker or unauthorized person/individual follows behind an authorized person/employee & gets into an authorized area to observe the system, gain confidential data, or for a fraudulent purpose.
8. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit organizations.
Explanation: Physical hacking, like other types of hacking, is possible in any institution, organization, clinic, a private firm, bank, or any other financial institution. Hence, the above statement is false.
9. Stealing pen drives and DVDs after tailgating is an example of lack of _______ security.
a) network security
b) physical security
c) database security
d) wireless security
Explanation: When cyber-criminals gain access to an authorized area and steal pen drives and DVDs that contain sensitive information about an employee or about the organization, then it can be said that the physical security of the organization is weak.
10. ________ is the ability of an individual to gain physical access to an authorized area.
a) Network accessing
b) Database accessing
c) Remote accessing
d) Physical accessing
Explanation: Physical access without prior security checking is the ability of a person to gain access to any authorized area. Physical accessing is done using piggybacking or any other suspicious means.
11. Which of the following is not considering the adequate measure for physical security?
a) Lock the drawers
b) Keep strong passwords for corporate laptops and mobile phones
c) Keep confidential organization’s document file open in the desk
d) Hide your hand against camera while inserting the PIN code
Explanation: Keeping confidential files left open on the desk is not an adequate way of maintaining physical security; as anyone can pick these up and perform physical hacking.
12. Which of the following is not a physical security measure to protect against physical hacking?
a) Add front desk & restrict unknown access to the back room
b) Create a phishing policy
c) Analyze how employees maintain their physical data and data storage peripheral devices
d) Updating the patches in the software you’re working at your office laptop.
Explanation: Updating the patches in your working software does not come under security measures for physical hacking. Updating the patches will help your software get free from bugs and flaws in an application as they get a fix when patches are updated.
13. IT security department must periodically check for security logs and entries made during office hours.
Explanation: Checking for security logs and entries made by employees and other outsiders who entered the office can help in identifying whether any suspicious person is getting in and out of the building or not.
14. Which of them is not an example of physical hacking?
a) Walk-in using piggybacking
c) Break-in and steal
Explanation: Phishing does not come under physical security. Walk-in without proper authorization, sneaking in through glass windows or other means, and breaking in and stealing sensitive documents are examples of physical hacking.
15. Physical _________ is important to check & test for possible physical breaches.
a) penetration test
b) security check
Explanation: Physical penetration test is important in order to check for possible physical security breaches. Usually, corporate firms and organizations stay busy in securing the networks and data and penetration testers are hired for data and network pentesting, but physical security breaches can also equally hamper.