nerdexam
EC-Council

312-50V10 · Question #696

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking d

The correct answer is B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or. When technical defenses at a highly secure target are too strong to defeat directly, social engineering - manipulating trusted insiders - is the most realistic attack vector. This approach exploits the human element rather than technology.

Social Engineering

Question

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

Options

  • ALook for "zero-day" exploits at various underground hacker websites in Russia and China and buy
  • BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or
  • CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000
  • DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn

How the community answered

(55 responses)
  • A
    15% (8)
  • B
    73% (40)
  • C
    9% (5)
  • D
    4% (2)

Why each option

When technical defenses at a highly secure target are too strong to defeat directly, social engineering - manipulating trusted insiders - is the most realistic attack vector. This approach exploits the human element rather than technology.

ALook for "zero-day" exploits at various underground hacker websites in Russia and China and buy

Zero-day exploits purchased online are still technical attacks that a high-security bank environment may detect, sandbox, or have already mitigated through network isolation.

BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid orCorrect

Social engineering by befriending a disgruntled or underpaid employee near the workplace targets the weakest link in any security model - humans. Insiders can provide credentials, bypass physical access controls, or reveal sensitive information that no technical exploit could uncover, making this the most viable approach against a hardened, well-patched target.

CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000

DDoS attacks against routers and firewalls disrupt availability but do not grant unauthorized access to classified data stored on the mainframe itself.

DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn

MiTM attacks require viable network interception points that a highly secured, internally isolated mainframe environment would not expose to an outside attacker.

Concept tested: Social engineering as primary vector against hardened targets

Source: https://www.cisa.gov/sites/default/files/publications/socialengineering_0.pdf

Topics

#social engineering#insider recruitment#physical security#impersonation

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice