nerdexam
EC-Council

312-50V10 · Question #850

Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while po

The correct answer is A. Social engineering. Social engineering attacks exploit human psychology through deception rather than technical vulnerabilities, and Sam's use of vishing and phishing to steal AWS IAM credentials is a direct example of this technique.

Cloud Computing

Question

Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

Options

  • ASocial engineering
  • Binsider threat
  • CPassword reuse
  • DReverse engineering

How the community answered

(45 responses)
  • A
    93% (42)
  • C
    2% (1)
  • D
    4% (2)

Why each option

Social engineering attacks exploit human psychology through deception rather than technical vulnerabilities, and Sam's use of vishing and phishing to steal AWS IAM credentials is a direct example of this technique.

ASocial engineeringCorrect

Social engineering encompasses manipulation techniques that target human judgment - Sam used vishing (fake phone calls impersonating a legitimate employee) and phishing emails as two distinct social engineering vectors to deceive the victim into surrendering AWS IAM credentials. Both techniques bypass technical security controls entirely by exploiting trust and urgency in the target. Credential harvesting via social engineering is one of the most common initial access vectors against cloud environments.

Binsider threat

Insider threat describes malicious or negligent actions taken by a current or former employee who already holds legitimate access - Sam is an external attacker using deception, not a trusted insider.

CPassword reuse

Password reuse attacks involve taking credentials exposed in a previous data breach and testing them against other services, requiring no human interaction or social manipulation.

DReverse engineering

Reverse engineering involves analyzing software, firmware, or hardware to understand its internal design or identify vulnerabilities - it does not involve impersonation calls or phishing emails.

Concept tested: Social engineering vishing and phishing for cloud credential theft

Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Topics

#AWS IAM#cloud credential theft#phishing#social engineering

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice