Q7. Social engineering involves which of the following threats? (Choose 2 best answers)
A. Trojan virus
B. Phone phishing
C. Shoulder surfing
Correct Answer: B,C
1. Shoulder surfing: shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, and similar data.
2. Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they fill out a form, enter their PIN at an automated teller machine or a POS terminal, or enter a password at a cybercafe, a public or university library, or an airport kiosk.
3. Shoulder surfing can also be done at a distance using binoculars or other vision-enhancing devices. Inexpensive, miniature closed-circuit television cameras can be concealed in ceilings, walls or fixtures to observe data entry. To prevent shoulder surfing, it is advised to shield paperwork or the keypad from view by using one's body or cupping one's hand.
4. Phishing phone calls: Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Neither Microsoft nor its partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
5. Once they've gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.
6. Treat all unsolicited phone calls with skepticism. Do not provide any personal information.
7. Trojan horses, man-in-the-middle attacks, and spyware are not social engineering attacks.
Disclaimer: All Simulation Exams practice tests, study guides and/or material are neither sponsored by, nor endorsed by, nor affiliated with CompTIA® or any other company. All trademarks are trademarks of their respective owners and duly acknowledged. A+™, Network+™, i-Net+™, Server+™, Security+™ are registered trademarks of CompTIA®. The practice tests material is a copyright of SimulationExams.com and the same is not approved or endorsed by respective certifying bodies.