312-50V10 · Question #850
Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while po
The correct answer is A. Social engineering. Social engineering attacks exploit human psychology through deception rather than technical vulnerabilities, and Sam's use of vishing and phishing to steal AWS IAM credentials is a direct example of this technique.
Question
Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?
Options
- ASocial engineering
- Binsider threat
- CPassword reuse
- DReverse engineering
How the community answered
(45 responses)- A93% (42)
- C2% (1)
- D4% (2)
Why each option
Social engineering attacks exploit human psychology through deception rather than technical vulnerabilities, and Sam's use of vishing and phishing to steal AWS IAM credentials is a direct example of this technique.
Social engineering encompasses manipulation techniques that target human judgment - Sam used vishing (fake phone calls impersonating a legitimate employee) and phishing emails as two distinct social engineering vectors to deceive the victim into surrendering AWS IAM credentials. Both techniques bypass technical security controls entirely by exploiting trust and urgency in the target. Credential harvesting via social engineering is one of the most common initial access vectors against cloud environments.
Insider threat describes malicious or negligent actions taken by a current or former employee who already holds legitimate access - Sam is an external attacker using deception, not a trusted insider.
Password reuse attacks involve taking credentials exposed in a previous data breach and testing them against other services, requiring no human interaction or social manipulation.
Reverse engineering involves analyzing software, firmware, or hardware to understand its internal design or identify vulnerabilities - it does not involve impersonation calls or phishing emails.
Concept tested: Social engineering vishing and phishing for cloud credential theft
Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Topics
Community Discussion
No community discussion yet for this question.