Q7. Social engineering involves which of the following threats? (Choose 2 best answers)
A. Trojan virus
B. Phone phishing
C. Shoulder surfing
Correct Answer: B,C
1. Shoulder surfing: shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, and similar data.
2. Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they fill out a form, enter their PIN at an automated teller machine or a POS terminal, or enter a password at a cybercafe, in public and university libraries, or at airport kiosks.
3. Shoulder surfing can also be done at a distance using binoculars or other vision-enhancing devices. Inexpensive, miniature closed-circuit television cameras can be concealed in ceilings, walls or fixtures to observe data entry. To prevent shoulder surfing, it is advised to shield paperwork or the keypad from view by using one's body or cupping one's hand.
4. Phishing phone calls: Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
5. Once they've gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.
6. Treat all unsolicited phone calls with skepticism. Do not provide any personal information.
7. Trojan horse, man-in-the-middle, and spyware are not social engineering attacks.
Disclaimer: Simulationexams.com is not affiliated with any certification vendor, and Sim-Ex™ Practice Exams are written independently by SimulationExams.com and not affiliated or authorized by respective certification providers. Sim-Ex™ is a trademark of SimulationExams.com or entity representing Simulationexams.com. A+™ is a trademark of CompTIA® organization.