1.  You received an email from your Professor that said there was a surprise pop quiz, which was to be completed as soon as possible, or you would not be able to take it at all and get a zero. There was a link to click on for you to enter your username and password. Students who clicked on this link and entered their username and password were locked out of their accounts. The accounts were later recovered. The UH ITS (Information Technology Services) reported that the accounts were used by attackers to send spam. What kind of social engineering strategy does this attack NOT use?
    A.     Authority
    B.     Consensus
    C.     Intimidation
    D.     Urgency

2.  Your coworker throws away all his documents, but never shreds them. What kind of potential attack could happen from this?
    A.     zero day exploit
    B.     dumpster diving
    C.     phishing
    D.     privilege escalation

3.  UH email often adds “[CAUTION EXTERNAL EMAIL]” to the beginning of the subject line to let users know to be cautious about email from outside UH.
    A.     pretexting
    B.     reconnaissance
    C.     credential harvesting
    D.     prepending

4.  You get an email from Mickey Mouse about a free trip for two to Walt Disney World. You just have to forward the email to 10 people. What kind of attack does this describe?
    A.     shoulder surfing
    B.     tailgating
    C.     dumpster diving
    D.     hoax

5.  What is a technique for eliciting information from someone?
    A.     tailgating
    B.     shoulder surfing
    C.     pharming
    D.     false statements

6.  _____ redirects a user from a legitimate website to a malicious website by changing hosts files on the victim's computer or on a DNS server.
    A.     pharming
    B.     vishing
    C.     smishing
    D.     spear phishing

7.  _____ is sending fake text messages to trick you into giving up personal information
    A.     vishing
    B.     watering hole attack
    C.     smishing
    D.     phishing

8.  _____ is usually the first step in a social engineering attack.
    A.     hoax
    B.     prepending
    C.     reconnaissance
    D.     invoice scam

9.  _____ is any act that influences a person to take an action that may or may not be in their best interest.
    A.     cryptographic attacks
    B.     social engineering
    C.     application attacks
    D.     wireless attacks

10.  _____ is unsolicited Instant Messaging (IM) sent indiscriminately in bulk, often for commercial purposes.
    A.     SPIM
    B.     phishing
    C.     smishing
    D.     spam