Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›220-1202›Objectives›Social Engineering Attacks
Objective 13.0

Social Engineering Attacks

220-1202 Practice Questions

Full Practice Test →All Objectives

220-1202 Social Engineering Attacks — Practice Questions

30 questions from this objective

Question 2easymultiple choice
Full question →

An employee finds a USB drive labeled 'Employee Salary Info Q4' in the parking lot. Out of curiosity, they plug it into their work computer to see the contents. What type of social engineering attack is this an example of?

Question 3mediummultiple choice
Full question →

A new employee receives an email that appears to be from the company's HR department, asking them to click a link to verify their direct deposit information for payroll. The email contains the company logo and looks professional. What is the most likely social engineering attack?

Question 4easymultiple choice
Full question →

A user calls the help desk, frantic because their banking app shows an unauthorized transfer of $500. They say they received a call earlier from 'bank security' asking them to install a remote access tool to 'verify their account'. What type of social engineering attack did the user fall victim to?

Question 5hardmultiple choice
Full question →

A technician is troubleshooting a user's slow computer. The user mentions they received a call from 'Windows Support' saying their computer had a virus. The user gave the caller remote access to 'fix' it. Now, the computer is running slower and has strange pop-ups. What is the most likely consequence of this social engineering attack?

Question 6easymultiple choice
Full question →

A user reports receiving an email that appears to be from their CEO, urgently requesting that they purchase $500 in gift cards and reply with the codes. The email address looks slightly off (e.g., ceo@cornpany.com instead of ceo@company.com). What type of social engineering attack is this?

Question 7hardmultiple choice
Full question →

A technician receives an email from what appears to be the company's CEO, asking for a list of all employee passwords for a 'security audit'. The email address is correct, but the tone and request are unusual. The technician suspects a social engineering attack. What is the best course of action?

Question 8easymultiple choice
Full question →

A receptionist at a company receives a call from someone claiming to be from the IT department. The caller says they need her password to perform an urgent server update. The receptionist provides the password. What type of social engineering attack is this?

Question 9mediummultiple choice
Full question →

During a security audit, a technician notices that an unauthorized person is standing just behind an employee at the secure door, waiting for the employee to badge in so they can enter without badging themselves. What type of social engineering attack is being attempted?

Question 10mediummultiple choice
Full question →

A user calls the help desk because they received a pop-up on their screen claiming their computer is infected with a virus and to call a toll-free number for immediate support. The user did not call the number. What should the technician advise the user to do?

Question 11mediummultiple choice
Full question →

A technician is configuring a new employee's workstation. The employee mentions that a 'friendly IT guy' from the help desk called earlier and asked for their username and temporary password to 'pre-setup the account'. The employee provided the information. What should the technician do first?

Question 12hardmultiple choice
Full question →

An employee finds a USB drive labeled 'Employee Bonuses Q4' in the parking lot and plugs it into their work computer to see the contents. The computer immediately begins exhibiting erratic behavior. Which social engineering attack was executed?

Question 13mediummultiple choice
Full question →

A user reports receiving a phone call from someone claiming to be from 'Microsoft Support' saying their computer has a virus and asking for remote access to fix it. The user did not grant access. What type of attack was attempted?

Question 14hardmultiple choice
Full question →

A technician receives an email that appears to be from the company's HR department asking them to click a link to update their direct deposit information. The email contains several grammatical errors and the sender's domain is 'company-hr.com' instead of the official 'company.com'. What is the most effective way to confirm this is a phishing attempt?

Question 15easymultiple choice
Full question →

A receptionist holds the door for a person carrying a large box, assuming they work in the building. Later, that person is seen plugging a USB drive into a workstation in the finance department. Which social engineering technique was most likely used to gain initial access?

Question 16mediummultiple choice
Full question →

A technician is troubleshooting a printer issue and finds a sticky note under the keyboard with the domain admin password written on it. The user says they kept it there 'for convenience.' Which social engineering attack does this practice most enable?

Question 17hardmultiple choice
Full question →

During a security audit, a technician discovers that an unauthorized person accessed a restricted server room by pretending to be a fire inspector. The person had a fake ID and clipboard. Which social engineering technique was used, and what is the best mitigation?

Question 18mediummultiple choice
Full question →

A customer complains that their computer is running slowly and they keep seeing pop-ups offering free antivirus software. They admit they clicked 'OK' on one pop-up. Which type of social engineering attack has likely occurred?

Question 19easymultiple choice
Full question →

A technician receives a call from someone claiming to be from the company's IT security team, asking for the administrator password to 'run a critical update.' The caller's voice sounds stressed and they mention a data breach. What should the technician do?

Question 20mediummultiple choice
Full question →

During a software deployment, a user reports that a stranger in a delivery uniform asked to use their computer to 'check a shipment status' and then quickly left. Later, the user notices unusual network activity. What should the technician investigate first?

Question 21easymultiple choice
Full question →

A user calls the help desk claiming they received an urgent email from the CEO asking them to purchase gift cards for a client and reply with the codes. The user is suspicious because the email address looks slightly off. What type of social engineering attack is this?

Question 22easymultiple choice
Full question →

A new employee is setting up their workstation and receives a phone call from someone claiming to be from the IT department. The caller says there is a critical security update and needs the employee's login credentials to install it remotely. What social engineering principle is the attacker primarily exploiting?

Question 23hardmultiple choice
Full question →

A technician is investigating a data breach and discovers that an attacker obtained sensitive files by searching through the company's recycling bins. The bins contained printed reports with customer names and account numbers. What social engineering attack was used?

Question 24mediummultiple choice
Full question →

A technician is helping a customer configure a new laptop. The customer mentions they received a pop-up on their old computer warning of a virus and a phone number to call for support. The customer called the number and gave remote access to a 'technician' who then installed several programs. What social engineering attack occurred?

Question 25mediummultiple choice
Full question →

During a routine security audit, a technician discovers that an unknown person has been using a badge to enter the building after hours. The badge belongs to a former employee who left the company six months ago. Which type of social engineering attack likely enabled this unauthorized access?

Question 26hardmultiple choice
Full question →

During a security audit, a technician finds that a user's workstation was infected with malware after the user inserted a USB drive found in the parking lot. The drive was labeled 'Employee Salary Info Q4'. What social engineering principle did the attacker exploit?

Question 27mediummultiple choice
Full question →

A user reports that they received a voicemail from the company's HR director asking them to call back a number to verify their account details for payroll. The user is suspicious because the HR director is on vacation. What type of social engineering attack is this?

Question 28mediummultiple choice
Full question →

During a security incident investigation, a technician finds that an attacker called the help desk, pretended to be a new employee who forgot their password, and successfully reset it. The attacker knew the employee's name and department. Which social engineering technique was used?

Question 29mediummultiple choice
Full question →

A user reports that they clicked a link in a text message that appeared to be from their bank, warning of suspicious activity. The link led to a realistic-looking login page, but the user realized it was fake after entering their credentials. What type of social engineering attack is this?

Question 30hardmultiple choice
Full question →

A security analyst notices that an attacker has been sending emails that appear to come from the company's internal email system, asking employees to click a link to update their shared drive password. The link leads to a fake login page. The attacker is using a spoofed internal domain. What specific type of phishing is this?

Question 31easymultiple choice
Read the full NAT/PAT explanation →

A user calls the help desk, frantic because they received an email from what appears to be the CEO asking them to urgently purchase $500 in gift cards for a client and reply with the codes. The email address looks slightly off, and the signature is missing the usual legal disclaimer. What type of social engineering attack is this most likely an example of?

More Social Engineering Attacks questions available in the full practice test.

Continue Practising →
←

Previous objective

Malware Types and Removal

Next objective

Windows Security Settings

→

All 220-1202 Objectives

  • 1.Windows OS Features and Tools
  • 2.Windows Settings and Control Panel
  • 3.Windows Command-Line Tools
  • 4.Windows Administrative Tools
  • 5.macOS Features and Tools
  • 6.Linux Commands and File Permissions
  • 7.Mobile OS Features and Tools
  • 8.Virtualization and Cloud Technologies
  • 9.Physical Security Controls
  • 10.Logical Security Concepts
  • 11.Wireless Security Protocols
  • 12.Malware Types and Removal
  • 13.Social Engineering Attacks
  • 14.Windows Security Settings
  • 15.Browser and Application Security
  • 16.Data Destruction and Disposal
  • 17.Windows OS Troubleshooting
  • 18.PC Security Issue Remediation
  • 19.Mobile OS and App Troubleshooting
  • 20.Safety Procedures and Compliance
  • 21.Environmental Awareness and Impact
  • 22.Documentation and Change Management
  • 23.Remote Access Technologies
  • 24.Scripting Basics
  • 25.Communication and Professionalism
  • 100.Operating Systems31%
  • 200.Security25%
  • 300.Software Troubleshooting22%
  • 400.Operational Procedures22%