header bg

Download PASSEMALL Prep app now

Scan QR code or get instant email to install app

Question:

Which of the following attacks is it attempting to protect against if your organization installs mantraps in the entranceway?

A Tailgating
explanation

To prevent tailgating, mantraps are specifically designed

Explore more Cehv10 questions
Take more free practice tests for other PASSEMALL topics with our ceh training now!

Comments

Leave a Reply

Your email address will not be published.

*

Related Questions

Within physical security, lighting, locks, fences, and guards are all examples of __________ measures.

physical

Physical security controls are classified into three types: physical, technological, and operational. Lighting, fences, and guards are examples of physical safeguards.

Which social engineering attack was in the case:
A man receives a text message on his phone purporting to be from Technical Services. The text advises of a security breach and provides a web link and phone number to follow up on. He turns over sensitive information when the man calls the number.

Smishing

The use of text messages to socially engineer mobile device users is referred to as smishing. It is, by definition, a mobile-based social engineering attack. Aside than that, it sounds like something a five-year-old might say after killing a bug.

Which of the following are true statements regarding the identification of phishing attempts if phishing e-mail attacks have caused severe harm to a company and the security office decides to provide training to all users in phishing prevention? (select all that apply.)

Ensure e-mail is from a trusted, legitimate e-mail address source.

Verify spelling and grammar is correct.

Verify all links before clicking them.

Phishing e-mails can be identified by the sender, the recipient, spelling and grammatical problems, and unfamiliar or harmful attached links.

Employee background checks, device risk assessments, and key management and storage rules are all examples of __________ measures in physical security.

operational

To enforce a security-minded operation, operational measures are the policies and procedures you set up.

To control or mitigate against static electricity in a computer room, which of the following is not a method used?

Positive pressure

Positive pressure is great for keeping dust and other pollutants out of the room, but it does little to combat static electricity on its own.

Which attack has occurred in the situation:
An attacker does a Whois search on a target company and finds the technical point of contact (POC) and site ownership e-mail addresses. He then composes an e-mail to the owner from the technical POI, instructing him to visit a link to view the site's online statistics. Instead, the link takes you to a bogus website where your credentials are taken.

Spear phishing

Spear phishing happens when an e-mail is delivered to a specified audience, even if that audience consists of only one individual. In this case, the attacker used recon data to build an e-mail that was more realistic to the targeted target and hence more successful.

Bob decides to use social engineering during part of his pen test. He sends an unsolicited e-mail to several users on the network advising them of potential network problems and provides a phone number to call. Later that day, Bob performs a DoS on a network segment and then receives phone calls from users asking for assistance. Which social engineering practice is in play?

Reverse social engineering

When the attacker uses marketing, sabotage, and support to gain access credentials and other information, reverse social engineering takes place.

To a target network or resource, which threat presents the highest risk?

A disgruntled employee

Insider threats are often regarded as the most dangerous sort of threat, and a disgruntled employee on the inside is the single most difficult issue for security experts to anticipate and handle.

Phishing, pop-ups, and IRC channel use are all examples of which type of social engineering attack?

Computer based

Computer-based social engineering attacks involve any methods that make use of computers and technology.

Which of the following social engineering attacks is the best option if an attacker has physical access to a building and wants to attain access credentials to the network using nontechnical means?

Shoulder surfing

The attacker could employ shoulder surfing to gain the access credentials of a user as he is already inside (thus rendering tailgating and piggybacking pointless).

Which social engineering attack is in play in the situation that an attacker creates a fake ID badge and waits next to an entry door to a secured facility and an authorized user swipes a key card and opens the door, Jim follows the user inside?

Tailgating

Tailgating occurs when an attacker wears a fraudulent admission badge and follows an authorized user inside.