Question 58 of 108 from exam 200-201-CBROPS: Understanding Cisco Cybersecurity Operations Fundamentals



What is an example of social engineering attacks?





Social engineering attacks refer to the use of deception and manipulation techniques to gain unauthorized access to sensitive information or systems. Attackers often use social engineering tactics to exploit human weaknesses such as trust, fear, or curiosity to trick individuals into divulging sensitive information or performing actions that compromise security.

Let's break down each answer option to understand how it relates to social engineering attacks:

A. receiving an unexpected email from an unknown person with an attachment from someone in the same company
This is an example of a phishing attack, a type of social engineering attack that involves sending fraudulent emails with the aim of stealing sensitive information, such as usernames, passwords, or credit card numbers. The attacker may disguise themselves as a trusted sender, such as a colleague, in order to trick the recipient into opening an attachment or clicking on a link that downloads malware onto their device.

B. receiving an email from human resources requesting a visit to their secure website to update contact information
This is another example of a phishing attack, in this case, a form of spear phishing, where the attacker targets a specific individual or group by posing as a trustworthy source such as human resources. The email may appear legitimate, but the website link may lead to a fake website designed to steal login credentials or other sensitive information.

C. sending a verbal request to an administrator who knows how to change an account password
This is an example of a pretexting attack, where the attacker poses as someone else to obtain sensitive information or access. In this case, the attacker may pretend to be a manager or other authority figure to convince the administrator to change a password or provide other access credentials.

D. receiving an invitation to the department's weekly WebEx meeting
This is not an example of a social engineering attack, as it does not involve any form of deception or manipulation. It is simply an invitation to a meeting.

In summary, the correct answer to the question is either A or B, as they both represent examples of social engineering attacks.