312-50V10 · Question #939
Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive,
The correct answer is D. impersonation. Ralph used impersonation - a social engineering technique - by pretending to be a customer support executive to gain unauthorized physical access and collect sensitive information.
Question
Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?
Options
- ADumpster diving
- BEavesdropping
- CShoulder surfing
- Dimpersonation
How the community answered
(41 responses)- A5% (2)
- B17% (7)
- C7% (3)
- D71% (29)
Why each option
Ralph used impersonation - a social engineering technique - by pretending to be a customer support executive to gain unauthorized physical access and collect sensitive information.
Dumpster diving specifically refers to physically searching discarded trash and refuse for sensitive documents or credentials; while Ralph did search bins, this describes only one subordinate activity and not the technique used to gain entry.
Eavesdropping involves covertly intercepting voice conversations or network communications without the parties' knowledge, which is not how Ralph gained access or gathered information in this scenario.
Shoulder surfing is the act of directly observing a person's screen, keyboard, or PIN entry from close proximity to steal credentials, which was not the technique Ralph used to infiltrate the company.
Impersonation is a social engineering attack in which the attacker fabricates a trusted identity - here, a customer support executive - to psychologically manipulate the target into granting physical or logical access. Ralph's use of a false identity was the primary attack vector that enabled all subsequent information-gathering activities including scanning terminals and searching physical spaces.
Concept tested: Social engineering impersonation for unauthorized physical access
Source: https://csrc.nist.gov/glossary/term/impersonation
Topics
Community Discussion
No community discussion yet for this question.