The process of attempting to exploit a weakness in a network after being given permission by the company is known as:
A. penetration testing
B. vulnerability scanning
C. reconnaissance
D. social engineering
CompTIA exam questions
Which of the following security threats are MOST often delivered via email? (Select TWO).
A. Rootkits
B. Phishing
C. Shoulder surfing
D. Social engineering
E. Spam
Which of the following security threats is BEST mitigated through proper user training?
A. A Worm
B. Rootkits
C. Social Engineering
D. Browser Adware
A computer user, Peter, was surfing for information on a news site when he reported a screen flicker and then a pop-up appeared on his screen stating the computer was infected with a virus. Peter noticed the title of the pop-up was not from his installed antivirus. Which of the following BEST describes this infection?
A. Worm
B. Spyware
C. Social engineering
D. Malware
Which of the following activities would BEST be described as social engineering?
A. Downloading Spyware
B. Bribery
C. Writing down passwords
D. Brute force
A company would like to prevent commonly known social engineering risks. Which of the following would help mitigate these risks?
A. Annual security training
B. Install new switches
C. Review security policies
D. Require 180 day password expiration
A user receives a phone call from a person claiming to be from technical support. This person knows the user's name and that the user has Windows installed on their computer. The technician directs the user to open Event Viewer and look at some event log entries to demonstrate the effects of a virus on the computer. The technician also asks the user for their user ID and password so that they can clean the computer. This is an example of which of the following security threats?
A. Social engineering
B. Phishing
C. Malware
D. Virus
An individual pretending to be a consultant trying to gain access to information is an example of which of the following?
A. Chassis Intrusion
B. Principle of Least Privilege
C. Social Engineering
D. Identity Theft
An employee receives a phone call inquiring about company information. This is an example of which of the following?
A. Phishing
B. Social engineering
C. Shoulder surfing
D. Rootkits
Which of the following is the BEST example of social engineering?
A. Impersonation
B. Key logger
C. Virus
D. Malicious cookie