2.4.8 Lab – Social Engineering Answers

Lab – Social Engineering (Answers Version)

Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Objectives

Research and identify social engineering attacks

Background / Scenario

Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information, this type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method. This lab requires the research of social engineering and the identification of ways to recognize and prevent it.

Required Resources

PC or mobile device with internet access

Instructions

Using a web browser find the article “Methods for Understanding and Reducing Social Engineering Attacks” on the SANS Institute website. A search engine should easily find the article.

The SANS Institute is a cooperative research and education organization that offers information security training and security certification. The SANS Reading Room has many articles that are relevant to the practice of cybersecurity analysis. You can join the SANS community by creating a free user account to access to the latest articles, or you can access the older articles without a user account.

Read the article or choose another article on social engineering, read it, and answer the following questions:

Questions:

What are the three methods used in social engineering to gain access to information?

Type your answers here.

Answers should include electronic access, physical access, and social media.

What are three examples of social engineering attacks from the first two methods in the previous question?

Type your answers here.

Answers will vary but may include spear phishing via email, baiting with desired content, or tailgating.

Why is social networking a social engineering threat?

Type your answers here.

Answers should include that social networking usually encourages people to share personal information along with interests and habits. (Full name, date of birth (DOB) hometown, etc…).

How can an organization defend itself from social engineering attacks?

Type your answers here.

Answers should include the creation and utilization of security awareness training.

What is the SANS Institute, which authored this article?

Type your answers here.

Answers will vary based on the website https://www.sans.org and the content displayed. Answer should include that they are a provider of information security training and certification.