Quiz: Social Engineering & Physical Security
- A high-level executive receives a highly personalized email that appears to come from the company's legal department, requesting sensitive financial documents. What specific type of attack is this?
A) Vishing
B) Whaling
C) Tailgating
D) Dumpster Diving
Answer: B. Whaling targets high-ranking individuals specifically.
- Which physical security control is specifically designed to prevent "tailgating" or "piggybacking"?
A) Bollards
B) Faraday Cages
C) Mantraps
D) HVAC
Answer: C. A mantrap ensures only one person can pass through a secure area at a time.
- An attacker leaves a malware-infected USB drive in a company's parking lot, hoping an employee will find it and plug it into a work computer. This is known as:
A) Baiting
B) Shoulder Surfing
C) Phishing
D) Smishing
Answer: A. Baiting uses a physical object (like a USB) to trick someone into compromising their system.
- What is the primary purpose of a Faraday Cage in a secure facility?
A) To prevent fire from spreading
B) To block electromagnetic signals and EMI
C) To cool the server racks
D) To authenticate users via fingerprints
Answer: B. It acts as a shield against wireless signals and electromagnetic interference.
- During an inspection, you notice that server racks are arranged with their air exhausts facing each other in one aisle and their air intakes facing each other in the next. What is this called?
A) A Mantrap
B) Hot and Cold Aisles
C) Fire Suppression
D) Perimeter Defense
Answer: B. This configuration is used for efficient cooling and temperature management in data centers.
- Which influence tactic is being used when an attacker claims to be a high-ranking official to pressure an employee?
A) Scarcity
B) Consensus
C) Authority
D) Familiarity
Answer: C. Using a position of power to demand compliance is an authority-based tactic.
- An attacker sifts through a company's recycling bins to find discarded memos or printed passwords. This is called:
A) Shoulder Surfing
B) Vishing
C) Dumpster Diving
D) Tailgating
Answer: C. Dumpster diving involves searching through trash to find information that wasn't shredded.
- Which of the following is an example of an "Active" deterrent?
A) A "No Trespassing" sign
B) A security guard patrolling the grounds
C) A fence around the perimeter
D) A painted line on the floor
Answer: B. A security guard can actively respond to an incident, whereas signs and fences are passive.
- What is the main risk associated with "Shoulder Surfing"?
A) Unauthorized entry through a door
B) Theft of physical hardware
C) Observation of sensitive data like PINs or passwords
D) Overheating of server equipment
Answer: C. Shoulder surfing involves visually observing a user's screen or keypad.
- Why is a "Wet Pipe" sprinkler system usually avoided in a server room?
A) It is too expensive to install
B) Water causes irreparable damage to electronic hardware
C) It does not put out fires effectively
D) It blocks the Wi-Fi signal
Answer: B. Electronic equipment is destroyed by water, making gas-based suppression systems a better choice.
