Answers

1. True or false: Security awareness training should always be the main focus for preventing scams. 

 

False: While security awareness training is an essential requirement for protecting your organization from social engineering, implementing technical controls such as company pin code validation not only serves as a safeguard in the event that an employee falls for a scam, it can also be your only line of defense when it comes to protecting external customers.

 

2. Which of the following is not a potential strategy for mitigating the risks of social engineering attacks where a malicious actor impersonates another vendor? 

a. Blocking access to all other remote support tools 

b. Locking pin codes to only your support page 

c. Restricting use of Rescue to only specific IP addresses or Enterprise domains 

d. Educating employees to not trust accounts flagged as trials 

 

B. While locking pin codes to your support page can stop hackers from hijacking your support page when impersonating you, this strategy doesn’t work if they are impersonating a vendor that wouldn’t be using your support page. 

 

3. True or False: Allow listed hosts for pin entry eliminates the risks of attacks like Malvertising and URL hijacking. 

 

False: This feature will only prevent an attack if the attack relies on the user clicking a button such as “Request Support.” In some cases, the mere act of visiting the site can trigger an attack, so it’s important to not rely on any one security feature.  

 

4. Which of the following are different ways you can reduce the risk of a malicious actor getting unauthorized access to unattended devices?

a. Not having devices set up for unattended access unless strictly necessary 

b. Requiring administrative credentials at the start of every session 

c. Taking appropriate measures to protect technician credentials, like setting up MFA and strict password policies 

d. Using a remote support tool that uses a reusable ID and password to grant unattended access

e. Setting up time limits for when an unattended device can be accessed 

 

All but D. Using tools that only require credentials for the end user’s remote support account to set up unattended access can make them more vulnerable to unauthorized access if those credentials are compromised.