CCNA Social Engineering Attacks Questions

30 questions · Social Engineering Attacks topic · All types, answers revealed

Question 1 · MCQ · hard

An employee finds a USB drive labeled 'Employee Bonuses Q4' in the parking lot and plugs it into their work computer to see the contents. The computer immediately begins exhibiting erratic behavior. Which social engineering attack was executed?

A. Phishing
B. Pretexting
C. Baiting
D. Tailgating

Answer: C

Baiting uses an enticing item (like a labeled USB drive) to trick a victim into introducing malware into a system.

Why this answer

This is a classic baiting attack using physical media. The attacker left a USB drive with an enticing label (bait) in a location where an employee would find it, hoping they would plug it in and execute malware.

Question 2 · MCQ · medium

A user reports receiving a phone call from someone claiming to be from 'Microsoft Support' saying their computer has a virus and asking for remote access to fix it. The user did not grant access. What type of attack was attempted?

A. Phishing
B. Vishing
C. Smishing
D. Pretexting

Answer: B

Vishing is voice phishing, using phone calls to deceive victims into granting remote access or revealing information.

Why this answer

This is a vishing (voice phishing) attack, a social engineering technique where the attacker uses phone calls to trick victims into providing sensitive information or remote access. Legitimate companies like Microsoft do not make unsolicited support calls.

Question 3 · MCQ · easy

A new employee is setting up their workstation and receives a phone call from someone claiming to be from the IT department. The caller says there is a critical security update and needs the employee's login credentials to install it remotely. What social engineering principle is the attacker primarily exploiting?

A. Urgency
B. Scarcity
C. Authority
D. Social proof

Answer: C

Authority is the correct answer, as the attacker uses the perceived power of IT to gain compliance.

Why this answer

This scenario exploits the principle of authority, as the attacker impersonates a trusted IT department figure. Social engineers often use authority to bypass security protocols by making victims feel compelled to comply. The correct response is to never share credentials, regardless of who asks.

Question 4 · MCQ · hard

A technician receives an email that appears to be from the company's HR department asking them to click a link to update their direct deposit information. The email contains several grammatical errors and the sender's domain is 'company-hr.com' instead of the official 'company.com'. What is the most effective way to confirm this is a phishing attempt?

A. Reply to the email asking for verification.
B. Click the link to see if it looks legitimate.
C. Forward the email to the company's security team for analysis.
D. Call the phone number listed in the email signature.

Answer: C

Forwarding to the security team allows experts to analyze headers, links, and other indicators to confirm phishing.

Why this answer

The most reliable method is to verify the email's authenticity by checking the full email header and sender domain. Hovering over the link to see the actual URL can also reveal a phishing site, but checking the header confirms the source.

Question 5 · MCQ · easy

An employee finds a USB drive labeled 'Employee Salary Info Q4' in the parking lot. Out of curiosity, they plug it into their work computer to see the contents. What type of social engineering attack is this an example of?

A. Phishing
B. Tailgating
C. Baiting
D. Pretexting

Answer: C

Baiting exploits human curiosity or greed by offering something desirable. The USB drive with a tempting label is a classic baiting technique.

Why this answer

This is baiting, where an attacker leaves a physical item (like a USB drive) in a location where it is likely to be found and used. The enticing label is the 'bait' that exploits human curiosity.

Question 6 · MCQ · medium

A new employee receives an email that appears to be from the company's HR department, asking them to click a link to verify their direct deposit information for payroll. The email contains the company logo and looks professional. What is the most likely social engineering attack?

A. Whaling
B. Phishing
C. Vishing
D. Shoulder surfing

Answer: B

Phishing is a broad category of attacks that use deceptive emails to trick recipients into revealing sensitive information or clicking malicious links. This scenario is a classic phishing attempt.

Why this answer

This is a phishing attack, specifically a form of spear phishing targeting a new employee. The email uses social engineering tactics (urgency, authority) to trick the recipient into clicking a malicious link that could steal credentials or install malware.

Question 7 · MCQ · hard

A technician is investigating a data breach and discovers that an attacker obtained sensitive files by searching through the company's recycling bins. The bins contained printed reports with customer names and account numbers. What social engineering attack was used?

A. Tailgating
B. Shoulder surfing
C. Dumpster diving
D. Phishing

Answer: C

Dumpster diving is the correct term for retrieving information from discarded materials.

Why this answer

Dumpster diving is the physical act of searching through trash to find sensitive information. This attack relies on the failure to properly dispose of documents. Shredding or secure disposal policies are essential countermeasures.

Question 8 · MCQ · easy

A receptionist holds the door for a person carrying a large box, assuming they work in the building. Later, that person is seen plugging a USB drive into a workstation in the finance department. Which social engineering technique was most likely used to gain initial access?

A. Phishing
B. Pretexting
C. Tailgating
D. Baiting

Answer: C

Tailgating occurs when an unauthorized person follows an authorized person into a restricted area without proper authentication.

Why this answer

Tailgating (or piggybacking) exploits human politeness and the natural instinct to hold doors for others, allowing unauthorized physical access. This attack often precedes other malicious actions like planting malware via USB.

Question 9 · MCQ · medium

A technician is troubleshooting a printer issue and finds a sticky note under the keyboard with the domain admin password written on it. The user says they kept it there 'for convenience.' Which social engineering attack does this practice most enable?

A. Phishing
B. Shoulder surfing
C. Tailgating
D. Baiting

Answer: B

Shoulder surfing involves visually obtaining information like passwords; a sticky note in plain view makes this trivial.

Why this answer

Writing down passwords in plain sight is a security risk that directly enables shoulder surfing or dumpster diving. An attacker who sees the note can easily gain unauthorized access.

Question 10 · MCQ · medium

A technician is helping a customer configure a new laptop. The customer mentions they received a pop-up on their old computer warning of a virus and a phone number to call for support. The customer called the number and gave remote access to a 'technician' who then installed several programs. What social engineering attack occurred?

A. Shoulder surfing
B. Phishing
C. Tech support scam
D. Dumpster diving

Answer: C

Tech support scams specifically use fake alerts and phone calls to trick users into granting remote access.

Why this answer

This is a classic tech support scam, a form of social engineering where attackers use fake virus warnings to gain remote access. The pop-up is designed to scare the user into calling a fraudulent support number. Once access is granted, the attacker can install malware or steal data.

Question 11 · MCQ · hard

During a security audit, a technician discovers that an unauthorized person accessed a restricted server room by pretending to be a fire inspector. The person had a fake ID and clipboard. Which social engineering technique was used, and what is the best mitigation?

A. Tailgating; install mantraps at entrances.
B. Phishing; implement email filtering.
C. Pretexting; enforce visitor check-in and verification procedures.
D. Baiting; disable USB ports on workstations.

Answer: C

Pretexting uses a fabricated identity; verifying visitors against official records and requiring escorts prevents this.

Why this answer

This is pretexting, where the attacker created a false identity (fire inspector) to gain trust and access. The best mitigation is implementing strict verification procedures for all visitors, including calling the agency they claim to represent.

Question 12 · MCQ · medium

During a routine security audit, a technician discovers that an unknown person has been using a badge to enter the building after hours. The badge belongs to a former employee who left the company six months ago. Which type of social engineering attack likely enabled this unauthorized access?

A. Phishing
B. Tailgating
C. Dumpster diving
D. Shoulder surfing

Answer: B

Tailgating is the correct term for unauthorized physical access by following someone in, possibly with a stolen badge.

Why this answer

This describes tailgating, where an attacker follows an authorized person into a secure area without proper credentials. The use of a former employee's badge suggests the attacker may have obtained it through theft or social engineering. Proper badge deactivation upon termination is a key countermeasure.

Question 13 · MCQ · hard

During a security audit, a technician finds that a user's workstation was infected with malware after the user inserted a USB drive found in the parking lot. The drive was labeled 'Employee Salary Info Q4'. What social engineering principle did the attacker exploit?

A. Scarcity
B. Baiting
C. Pretexting
D. Tailgating

Answer: B

Baiting is the correct term, as the attacker left a malicious device (the bait) to exploit the user's curiosity.

Why this answer

This attack exploits curiosity and the baiting principle, where an attacker leaves a malicious device in a place where it will be found. The enticing label increases the likelihood of someone picking it up. This is a form of social engineering that relies on human psychology rather than technical vulnerabilities.

Question 14 · MCQ · easy

A user calls the help desk, frantic because their banking app shows an unauthorized transfer of $500. They say they received a call earlier from 'bank security' asking them to install a remote access tool to 'verify their account'. What type of social engineering attack did the user fall victim to?

A. Phishing
B. Vishing
C. Smishing
D. Shoulder surfing

Answer: B

Vishing (voice phishing) uses phone calls to impersonate legitimate organizations and trick victims into revealing sensitive information or installing malware. This scenario perfectly matches that description.

Why this answer

This is a classic vishing (voice phishing) attack combined with a tech support scam. The attacker used a phone call to impersonate a trusted entity and tricked the user into installing remote access software, giving the attacker control over the device to perform fraudulent transactions.

Question 15 · MCQ · hard

A technician is troubleshooting a user's slow computer. The user mentions they received a call from 'Windows Support' saying their computer had a virus. The user gave the caller remote access to 'fix' it. Now, the computer is running slower and has strange pop-ups. What is the most likely consequence of this social engineering attack?

A. The computer is now part of a botnet used for DDoS attacks.
B. The attacker installed a keylogger to steal credentials and sensitive data.
C. The computer's BIOS has been corrupted.
D. The hard drive has been physically damaged.

Answer: B

A keylogger is a common payload in tech support scams. The attacker can capture passwords, banking info, and other sensitive data, leading to identity theft or financial loss.

Why this answer

By giving remote access, the user likely allowed the attacker to install malware, such as ransomware, spyware, or a backdoor. The slow performance and pop-ups are symptoms of malware infection. The technician should immediately disconnect the computer from the network and perform a full security scan.

Question 16 · MCQ · medium

A user reports that they received a voicemail from the company's HR director asking them to call back a number to verify their account details for payroll. The user is suspicious because the HR director is on vacation. What type of social engineering attack is this?

A. Smishing
B. Vishing
C. Pretexting
D. Pharming

Answer: B

Vishing is the correct term for voice-based phishing attacks via phone calls or voicemail.

Why this answer

This is vishing (voice phishing), where attackers use phone calls or voicemails to trick victims into revealing sensitive information. The impersonation of a known authority figure and the request for account details are classic signs. Vishing often leverages caller ID spoofing to appear legitimate.

Question 17 · MCQ · medium

A customer complains that their computer is running slowly and they keep seeing pop-ups offering free antivirus software. They admit they clicked 'OK' on one pop-up. Which type of social engineering attack has likely occurred?

A. Phishing
B. Baiting
C. Pretexting
D. Shoulder surfing

Answer: B

Baiting uses an enticing offer (free antivirus) to trick the user into executing malware, often via pop-ups or physical media.

Why this answer

This is a classic baiting attack where the attacker lures the victim with a free offer (antivirus) that actually installs malware. The pop-ups are a common delivery method for scareware or fake antivirus programs.

Question 18 · MCQ · easy

A user reports receiving an email that appears to be from their CEO, urgently requesting that they purchase $500 in gift cards and reply with the codes. The email address looks slightly off (e.g., ceo@cornpany.com instead of ceo@company.com). What type of social engineering attack is this?

A. Spear phishing
B. Vishing
C. Whaling
D. Tailgating

Answer: C

Whaling is a phishing attack that targets senior executives (or impersonates them) to steal sensitive data or money. The email impersonating the CEO is a textbook example.

Why this answer

This is a whaling attack, a type of phishing that targets high-profile individuals or impersonates them to trick lower-level employees. The attacker used a spoofed email address to impersonate the CEO and create a sense of urgency.

Question 19 · MCQ · hard

A technician receives an email from what appears to be the company's CEO, asking for a list of all employee passwords for a 'security audit'. The email address is correct, but the tone and request are unusual. The technician suspects a social engineering attack. What is the best course of action?

A. Reply to the email asking for more details to confirm the request.
B. Forward the email to the security team and do not respond.
C. Provide the list as requested, since the CEO has authority.
D. Call the CEO immediately to verify the request.

Answer: B

The correct action is to report the suspicious email to the security team for investigation and not engage with the potential attacker. This follows proper incident response protocols.

Why this answer

This is likely a whaling or spear phishing attack impersonating the CEO. The technician should never share passwords and should verify the request through a separate communication channel (e.g., phone call or in-person) before taking any action. Reporting to the security team is also critical.

Question 20 · MCQ · easy

A receptionist at a company receives a call from someone claiming to be from the IT department. The caller says they need her password to perform an urgent server update. The receptionist provides the password. What type of social engineering attack is this?

A. Tailgating
B. Pretexting
C. Phishing
D. Baiting

Answer: B

Pretexting is when an attacker invents a plausible scenario to trick a victim into providing information or access. The caller's false identity as IT staff is a classic pretext.

Why this answer

This is a classic example of pretexting, where the attacker creates a fabricated scenario (pretext) to trick the victim into divulging sensitive information. The caller impersonated an IT staff member to establish trust and authority.

Question 21 · MCQ · medium

During a security incident investigation, a technician finds that an attacker called the help desk, pretended to be a new employee who forgot their password, and successfully reset it. The attacker knew the employee's name and department. Which social engineering technique was used?

A. Phishing
B. Pretexting
C. Tailgating
D. Shoulder surfing

Answer: B

Pretexting is the correct term, as the attacker created a false identity and scenario to gain the help desk's trust.

Why this answer

Pretexting is the creation of a fabricated scenario (the pretext) to obtain information or access. The attacker used the employee's details to build credibility and trick the help desk. This highlights the importance of identity verification procedures.

Question 22 · MCQ · medium

During a security audit, a technician notices that an unauthorized person is standing just behind an employee at the secure door, waiting for the employee to badge in so they can enter without badging themselves. What type of social engineering attack is being attempted?

A. Pretexting
B. Baiting
C. Tailgating
D. Phishing

Answer: C

Tailgating is when an unauthorized person gains access by closely following an authorized person through a secure entry point. This is exactly what is described.

Why this answer

This is tailgating (or piggybacking), where an unauthorized person follows an authorized individual into a restricted area without proper authentication. The attacker is exploiting the employee's politeness or lack of awareness.

Question 23 · MCQ · easy

A technician receives a call from someone claiming to be from the company's IT security team, asking for the administrator password to 'run a critical update.' The caller's voice sounds stressed and they mention a data breach. What should the technician do?

A. Provide the password immediately to prevent a data breach.
B. Ask for a callback number and verify it against the company directory.
C. Ignore the call because IT never calls about updates.
D. Change the password and give them the new one.

Answer: B

Verifying the caller's identity through official channels is the standard security procedure to prevent credential theft.

Why this answer

This is a classic social engineering attempt using urgency and authority to pressure the victim into divulging credentials. The correct response is to verify the caller's identity through official channels before providing any sensitive information.

Question 24 · MCQ · medium

A user calls the help desk because they received a pop-up on their screen claiming their computer is infected with a virus and to call a toll-free number for immediate support. The user did not call the number. What should the technician advise the user to do?

A. Call the number to see if it's legitimate.
B. Ignore the pop-up and continue working.
C. Close the pop-up and run a full antivirus scan.
D. Reboot the computer immediately.

Answer: C

The safest action is to close the pop-up (using Task Manager if necessary) and run a security scan to check for any malware that may have been downloaded.

Why this answer

This is a tech support scam, a form of social engineering that uses scare tactics (fake virus warnings) to trick users into calling a fake support line. The user should close the pop-up and run a security scan to ensure no malware was installed.

Question 25 · MCQ · medium

A user reports that they clicked a link in a text message that appeared to be from their bank, warning of suspicious activity. The link led to a realistic-looking login page, but the user realized it was fake after entering their credentials. What type of social engineering attack is this?

A. Vishing
B. Smishing
C. Pharming
D. Pretexting

Answer: B

Smishing is the correct term for SMS-based phishing attacks.

Why this answer

This is smishing, which is phishing conducted via SMS text messages. The attacker uses urgency and a fake login page to steal credentials. Smishing is increasingly common due to the high trust users place in text messages.

Question 26 · MCQ · medium

A technician is configuring a new employee's workstation. The employee mentions that a 'friendly IT guy' from the help desk called earlier and asked for their username and temporary password to 'pre-setup the account'. The employee provided the information. What should the technician do first?

A. Proceed with the setup as planned, since the employee already provided the info.
B. Reset the employee's password and report the incident to the security team.
C. Call the help desk to verify if they made the call.
D. Tell the employee it was likely a test and to ignore it.

Answer: B

The correct response is to immediately reset the compromised password and report the social engineering attempt to the security team so they can investigate and prevent further attacks.

Why this answer

This is a social engineering attack where the attacker posed as IT support. The technician should immediately report the incident to the security team and flag the account as compromised, as the credentials are now in the hands of an attacker.

Question 27 · MCQ · hard

A security analyst notices that an attacker has been sending emails that appear to come from the company's internal email system, asking employees to click a link to update their shared drive password. The link leads to a fake login page. The attacker is using a spoofed internal domain. What specific type of phishing is this?

A. Whaling
B. Spear phishing
C. Vishing
D. Pharming

Answer: B

Spear phishing is the correct term for targeted phishing attacks against specific people or groups.

Why this answer

Spear phishing is a targeted phishing attack aimed at specific individuals or groups within an organization. The use of a spoofed internal domain makes it more convincing. This contrasts with regular phishing, which is broader and less personalized.

Question 28 · MCQ · medium

During a software deployment, a user reports that a stranger in a delivery uniform asked to use their computer to 'check a shipment status' and then quickly left. Later, the user notices unusual network activity. What should the technician investigate first?

A. Check the user's email for phishing messages.
B. Verify the delivery person's identity with the shipping company.
C. Scan the workstation for malware and review recent system changes.
D. Disable the user's network access permanently.

Answer: C

Given physical access, the attacker may have installed malware or created backdoors; scanning and auditing changes is the correct first step.

Why this answer

This scenario describes a pretexting attack where the attacker used a false identity (delivery person) to gain physical access to a computer. The technician should immediately check for unauthorized software or connections that may have been installed.

Question 29 · MCQ · easy

A user calls the help desk claiming they received an urgent email from the CEO asking them to purchase gift cards for a client and reply with the codes. The user is suspicious because the email address looks slightly off. What type of social engineering attack is this?

A. Shoulder surfing
B. Phishing
C. Tailgating
D. Dumpster diving

Answer: B

Phishing uses fraudulent communications, often email, to trick recipients into revealing sensitive information or performing actions like purchasing gift cards.

Why this answer

This is a classic phishing attack, specifically a form of spear phishing or whaling, where the attacker impersonates a high-level executive to trick the victim into performing an action. The slight alteration in the email address is a common indicator of a spoofed sender.

Question 30 · MCQ · easy

A user calls the help desk, frantic because they received an email from what appears to be the CEO asking them to urgently purchase $500 in gift cards for a client and reply with the codes. The email address looks slightly off, and the signature is missing the usual legal disclaimer. What type of social engineering attack is this most likely an example of?

A. Shoulder surfing
B. Phishing
C. Tailgating
D. Pretexting

Answer: B

Phishing is the correct term for fraudulent emails designed to trick recipients into taking harmful actions, such as buying gift cards.

Why this answer

This scenario describes a phishing attack, specifically a variant called whaling or CEO fraud, where the attacker impersonates a high-level executive. Phishing is the use of deceptive emails to trick users into revealing sensitive information or performing actions. The slightly off email address and missing disclaimer are classic indicators of a phishing attempt.
