EC-Council
312-50V10 Question #910: Real Exam Question with Answer & Explanation
The correct answer is A: Matt inadvertently provided the answers to his security questions when responding to the post.
Social Engineering
Question
While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt's bank account has been accessed, and the password has been changed. What most likely happened?
Options
- A. Matt inadvertently provided the answers to his security questions when responding to the post.
- B. Matt's bank-account login information was brute forced.
- C. Matt inadvertently provided his password when responding to the post.
- D. Matt's computer was infected with a keylogger.
Explanation
Matt fell victim to a social engineering attack where answering a Facebook trivia post disclosed the answers to his bank's knowledge-based security questions, enabling a password reset by the attacker.
Common mistakes.
- B. Brute-forcing a bank account is impractical due to account lockout policies, CAPTCHA, and rate limiting, and the scenario provides no evidence of repeated failed login attempts.
- C. The Facebook post solicited personal trivia answers, not passwords, so Matt would not have typed or revealed his actual account password.
- D. A keylogger requires prior malware installation on the victim's device, and nothing in the scenario indicates that Matt's computer was compromised.
Concept tested. Social engineering via security question answer harvesting
Topics
#social engineering #security questions #pretexting #account compromise