PRACTICE QUESTION SET TWO
◉ Smishing. Answer: When someone tries to trick you into giving
them your private information via a text or SMS message.
◉ Vishing. Answer: Using social engineering over the telephone
system to gain access to private personal and financial information
for the purpose of financial reward
◉ Spam. Answer: irrelevant or unsolicited messages sent to a large
number of Internet users, for illegitimate advertising, and other
activities such as phishing, and spreading malware
◉ SPIM. Answer: Spam delivered through instant messaging (IM)
instead of through e-mail messaging
◉ Spear Phishing. Answer: the act of sending emails to specific and
well-researched targets while pretending to be a trusted sender
◉ Dumpster Diving. Answer: exploration of a system's trash bin for
the purpose of finding details in order for a hacker to have a
successful online assault.
◉ Shoulder Surfing. Answer: When someone watches over your
shoulder to nab valuable information as you key it into an electronic
device.
◉ Pharming. Answer: cyberattack intended to redirect a website's
traffic to another, fake site.
◉ Tailgating. Answer: Social engineering attempt by cyber threat
actors in which they trick employees into helping them gain
unauthorized access into the company premises.
◉ Eliciting Information. Answer: Procedures or techniques involving
interacting with and communicating with others that are designed to
gather knowledge or inform
◉ Whaling. Answer: Spear phishing that focuses on one specific high
level executive or influencer
◉ Prepending. Answer: Prepend is a word that means to attach
content as a prefix. For example, a prepend command could be used
in a scripting language that a programmer would enter into a certain
function or code module. It would add certain characters of text to
the beginning of some variable or object.
◉ Identity Fraud. Answer: identity fraud is the use of stolen
information such as making fake IDs and fake bank accounts
◉ Invoice Scams. Answer: using fraudulent invoices to steal from a
company
◉ Credential Harvesting. Answer: the use of MITM attacks, DNS
poisoning, phishing, etc. to amass large numbers of credentials
(username / password combinations) for reuse.
◉ Reconnaissance. Answer: Information gathering about a target
network
◉ Hoax. Answer: Cyber hoax scams are attacks that exploit
unsuspecting users to provide valuable information, such as login
credentials or money.
◉ Impersonation. Answer: typically involves an email that seems to
come from a trusted source.
◉ Watering hole attack. Answer: security exploit in which the
attacker seeks to compromise a specific group of end users by
infecting websites that members of the group are known to visit. The
goal is to infect a targeted user's computer and gain access to the
network at the target's place of employment.
◉ Typo squatting. Answer: type of cybersquatting used by imposters
that involves registering domains with intentionally misspelled
names of popular web addresses to install malware on the user's
system
◉ Pretexting. Answer: the practice of presenting oneself as someone
else in order to obtain private information.
◉ Influence campaigns. Answer:
◉ Hybrid warfare. Answer: Combining conventional warfare with
cyberwarfare
◉ Social Media Campaign. Answer: Planned, coordinated marketing
efforts using one or more social media platforms.
◉ Principles. Answer: Authority: an attacker may try to appear to
have a certain level of authority.
Intimidation: may try to make the victim think that something
terrible is going to happen if they don't comply with the attacker's
wishes.
Consensus: An attacker may try to sway the mind of a victim using
names they are familiar with, saying that such ones provided them