EXAM BANK | COMPLETE EXAM BANK
WITH CORRECT ANSWERS AND
RATIONALES. A+ GRADED
1. Which of the following social engineering attacks
involves sending an email that appears to come from
a legitimate source to trick a user into revealing
credentials?
A) Phishing
B) Vishing
C) Smishing
D) Whaling
Correct answer: A
Rationale: Phishing uses fraudulent email or
messages. Vishing uses voice calls; smishing uses
SMS; whaling targets executives.
2. A user receives a phone call from someone
claiming to be from the IT department asking for their
password. This is an example of:
A) Phishing
B) Pretexting
,C) Tailgating
D) Shoulder surfing
Correct answer: B
Rationale: Pretexting uses a fabricated scenario
(fake IT support) to obtain information. Tailgating is
physical access; shoulder surfing is observing.
3. An attacker gains unauthorized access to a
building by following an employee through a secure
door. This attack is called:
A) Phishing
B) Tailgating (or piggybacking)
C) Dumpster diving
D) Eavesdropping
Correct answer: B
Rationale: Tailgating occurs when an unauthorized
person follows an authorized person through an
access-controlled door without using their own
credentials.
4. A user clicks on a link in an email and is directed to
a fake login page that looks identical to their
company's email portal. The user enters their
,credentials, which are captured by the attacker. This
is known as:
A) Spear phishing
B) Credential harvesting via a phishing website
C) Watering hole attack
D) Whaling
Correct answer: B
Rationale: Credential harvesting uses fake login
pages to collect usernames and passwords. Spear
phishing targets specific individuals.
5. Which type of malware self-replicates without
requiring user interaction and spreads across
networks?
A) Trojan horse
B) Worm
C) Ransomware
D) Rootkit
Correct answer: B
Rationale: Worms self-replicate across networks
without user action. Trojans require user execution;
ransomware encrypts files; rootkits hide malware
presence.
, 6. A user receives a pop-up message stating their
computer is infected and to call a toll-free number for
support. This is an example of:
A) Ransomware
B) Scareware (rogue security software)
C) Spyware
D) Keylogger
Correct answer: B
Rationale: Scareware uses fear tactics to trick users
into calling fake support or purchasing fake antivirus.
Ransomware encrypts files and demands payment.
7. Which of the following is a characteristic of a
Remote Access Trojan (RAT)?
A) It provides an attacker with remote administrative
control over the victim's computer
B) It locks the user's screen until a ransom is paid
C) It displays unwanted advertisements
D) It encrypts files and demands payment
Correct answer: A
Rationale: RATs (e.g., DarkComet, Poison Ivy) allow
attackers to remotely control the victim's system,