Social Engineering Techniques | Cisco Exam 200-201-CBROPS

Common Social Engineering Techniques

Question

What are two social engineering techniques? (Choose two.)

Answers

Explanations

A. B. C. D. E.

CE.

The correct answers to the question are C. phishing and E. pharming.

Social engineering is a technique used by cybercriminals to manipulate people into revealing sensitive information or performing certain actions that may lead to the compromise of computer systems or networks. There are various social engineering techniques, but two of the most common ones are:

C. Phishing: This technique involves sending fraudulent emails or messages that appear to be from a trustworthy source, such as a bank, a social media platform, or a reputable company. The goal of phishing is to trick the recipient into clicking on a malicious link or downloading an infected attachment that will install malware or steal personal information. The phishing email may use urgency, curiosity, or fear tactics to prompt the victim to take immediate action without thinking twice.

E. Pharming: This technique involves redirecting legitimate website traffic to a fake website that mimics the original one. The attacker may achieve this by infecting the victim's computer with malware that alters the DNS settings or by exploiting vulnerabilities in the domain name system infrastructure. Once the victim lands on the fake website, they may be prompted to enter sensitive information, such as login credentials, credit card numbers, or personal details, which the attacker can use for malicious purposes.

A. Privilege escalation: This is not a social engineering technique. It refers to the process of gaining higher levels of access to a computer system or network than is normally allowed. This can be done through various means, such as exploiting vulnerabilities in software, using stolen credentials, or leveraging user errors. Privilege escalation is often used by attackers to gain control of critical resources or to move laterally across a network.

B. DDoS attack: This is also not a social engineering technique. DDoS stands for Distributed Denial of Service; the attack floods a network or website with an overwhelming amount of traffic or requests, rendering it inaccessible to legitimate users. DDoS attacks can be launched using a botnet, which is a network of compromised computers controlled by a single attacker. The goal of DDoS attacks is to disrupt business operations, extort money, or cause reputational damage.