Multiple Choice
Identify the
choice that best completes the statement or answers the question.
|
|
|
1.
|
(2 points) An employee receives an email that looks like it is from the bank’s IT
department asking them to click a link and reset their password. The link leads to a malicious
website. Which type of attack occurred?
a. | Smishing | b. | Eavesdropping | c. | Phishing | d. | Injection attack |
|
|
|
2.
|
(2 points) A bank intern receives a text message saying their account will be locked
unless they click a link immediately. Which attack type is being used?
a. | Smishing | b. | Phishing | c. | Vishing | d. | On-path attack |
|
|
|
3.
|
(2 points) An attacker calls an employee pretending to be from the security team and asks
for login credentials. Which type of attack is this?
a. | Phishing | b. | Credential harvesting | c. | Injection attack | d. | Vishing |
|
|
|
4.
|
(2 points) An attacker claims to be the CEO and demands payroll data immediately, saying
there will be consequences if the request is ignored. Which psychological tactic is being
used?
a. | Authority | b. | Familiarity | c. | Scarcity | d. | Consensus |
|
|
|
5.
|
(2 points) A message says, “Everyone else in your department has completed this
form. You should too.” Which tactic is being used?
a. | Urgency | b. | Consensus | c. | Intimidation | d. | Pretexting |
|
|
|
6.
|
(2 points) An attacker says there are only two spots left in a training program and the
employee must register now. Which tactic is being used?
a. | Scarcity | b. | Authority | c. | Familiarity | d. | Eavesdropping |
|
|
|
7.
|
(2 points) A message says, “You must act in the next 10 minutes to avoid account
suspension.” Which tactic is being used?
a. | Authority | b. | Pretexting | c. | Consensus | d. | Urgency |
|
|
|
8.
|
(2 points) A security analyst discovers that network traffic was captured and copied
while traveling between two devices. Which attack type occurred?
a. | injection
attack | b. | DoS attack | c. | Eavesdropping | d. | Credential harvesting |
|
|
|
9.
|
(2 points) Two employees believe they are communicating securely, but logs show a third
device intercepted and modified the data. Which attack occurred?
a. | Eavesdropping | b. | On-path attack | c. | DDoS attack | d. | Smishing |
|
|
|
10.
|
(2 points)
A web application log shows user input of ' OR '1'='1
in a login field. Which attack type does this indicate?
a. | Credential
harvesting | b. | Phishing | c. | Eavesdropping | d. | Injection attack |
|
|
|
11.
|
(2 points) A website becomes unavailable after thousands of devices flood it with traffic
at the same time. Which attack type occurred?
a. | On-path
attack | b. | Distributed Denial of Service (DDoS) | c. | injection attack | d. | Credential
harvesting |
|
|
|
12.
|
(2 points) A single attacker overwhelms a server with repeated requests, causing
legitimate users to lose access. Which attack occurred?
a. | Denial of Service
(DoS) | b. | DDoS | c. | Phishing | d. | Smishing |
|
|
|
13.
|
(2 points) A user clicks a link that leads to a fake login page identical to the
bank’s official site. The attacker collects usernames and passwords. Which attack
occurred?
a. | Credential
harvesting | b. | Phishing | c. | Injection attack | d. | Eavesdropping |
|
|
|
14.
|
(2 points) An adversary exploits an unpatched vulnerability in a server to steal data.
Which statement best describes what occurred?
a. | A social engineering tactic
failed | b. | A firewall prevented an attack | c. | A vulnerability patched a
threat | d. | A threat exploited a vulnerability to cause
loss |
|
|
|
15.
|
(2 points) Network logs show altered data packets between a client and server, even
though neither device shows compromise. Which attack type should the analyst
determine?
a. | Credential
harvesting | b. | Smishing | c. | On-path attack | d. | Scarcity tactic |
|
|
|
16.
|
(2 points) A packet capture file reveals sensitive login information transmitted in plain
text over the network. Which attack type is most consistent with this evidence?
a. | Credential
harvesting | b. | njection attack | c. | DDoS | d. | Eavesdropping |
|
|
|
17.
|
(2 points) An attacker pretends to be a trusted coworker and references a recent meeting
to build trust before asking for credentials. Which tactic is being used?
a. | ntimidation | b. | Familiarity | c. | Scarcity | d. | Urgency |
|
|
|
18.
|
(2 points) An attacker creates a believable story about needing urgent help with a system
upgrade to gain access credentials. Which tactic is this?
a. | Consensus | b. | Authority | c. | DoS | d. | Pretexting |
|
|
|
19.
|
(2 points) Monitoring tools show a sudden spike in inbound traffic from one IP address,
making the server unavailable. Which attack should be determined?
a. | DoS
attack | b. | Credential harvesting | c. | Phishing | d. | injection
attack |
|
|
|
20.
|
(2 points) Employees report receiving emails directing them to a site that mimics the
company login page. Which attack type should be identified?
a. | DDoS | b. | On-path attack | c. | Credential harvesting | d. | Vishing |
|
|
|
21.
|
(2 points) An attacker approaches an employee in person, pretending to be IT staff and
asking for login credentials. Which type of attack occurred?
a. | Eavesdropping | b. | DDoS | c. | Injection attack | d. | Social engineering |
|
|
|
22.
|
(2 points) A message says, “Your manager told me you would send this file. Please
upload it here.” Which tactic is being used?
a. | Authority | b. | Scarcity | c. | Urgency | d. | Eavesdropping |
|
|
|
23.
|
(2 points) A security team uses packet sniffing tools to identify unauthorized data
capture on a network. Which attack type are they detecting?
a. | Smishing | b. | Credential harvesting | c. | Injection attack | d. | Eavesdropping |
|
|
|
24.
|
(2 points) Logs show traffic from thousands of global IP addresses overwhelming the
bank’s web server simultaneously. Which attack type should be determined?
a. | DoS
attack | b. | DDoS attack | c. | On-path attack | d. | Pretexting |
|
|
|
25.
|
(2 points) An employee receives an email that looks like it is from IT asking them to
click a link to reset their password. What type of attack is this?
a. | Injection
attack | b. | Denial of service | c. | Phishing | d. | Smishing |
|
|
|
26.
|
(2 points) A text message claims a user’s bank account is locked and provides a
link to fix it. What type of attack is this?
a. | Phishing | b. | Vishing | c. | Smishing | d. | Eavesdroppin |
|
|
|
27.
|
(2 points) A caller pretends to be from the bank’s fraud department and asks for
account numbers. What type of attack is this?
a. | Phishing | b. | Vishing | c. | Injection attack | d. | DoS |
|
|
|
28.
|
(2 points) An attacker claims to be the CEO and demands immediate transfer of funds.
Which psychological tactic is being used?
a. | Scarcity | b. | Authority | c. | Familiarity | d. | Consensus |
|
|
|
29.
|
(2 points) A message says, “Everyone in your department has already completed this
survey.” What tactic is being used?
a. | Consensus | b. | Authority | c. | Intimidation | d. | Urgency |
|
|
|
30.
|
(2 points) A fake email says an offer expires in 10 minutes. Which tactic is being
used?
a. | Urgency | b. | Familiarity | c. | Pretexting | d. | Authority |
|