nerdexam
EC-Council

312-50V10 · Question #939

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive,

The correct answer is D. impersonation. Ralph used impersonation - a social engineering technique - by pretending to be a customer support executive to gain unauthorized physical access and collect sensitive information.

Social Engineering

Question

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?

Options

  • ADumpster diving
  • BEavesdropping
  • CShoulder surfing
  • Dimpersonation

How the community answered

(41 responses)
  • A
    5% (2)
  • B
    17% (7)
  • C
    7% (3)
  • D
    71% (29)

Why each option

Ralph used impersonation - a social engineering technique - by pretending to be a customer support executive to gain unauthorized physical access and collect sensitive information.

ADumpster diving

Dumpster diving specifically refers to physically searching discarded trash and refuse for sensitive documents or credentials; while Ralph did search bins, this describes only one subordinate activity and not the technique used to gain entry.

BEavesdropping

Eavesdropping involves covertly intercepting voice conversations or network communications without the parties' knowledge, which is not how Ralph gained access or gathered information in this scenario.

CShoulder surfing

Shoulder surfing is the act of directly observing a person's screen, keyboard, or PIN entry from close proximity to steal credentials, which was not the technique Ralph used to infiltrate the company.

DimpersonationCorrect

Impersonation is a social engineering attack in which the attacker fabricates a trusted identity - here, a customer support executive - to psychologically manipulate the target into granting physical or logical access. Ralph's use of a false identity was the primary attack vector that enabled all subsequent information-gathering activities including scanning terminals and searching physical spaces.

Concept tested: Social engineering impersonation for unauthorized physical access

Source: https://csrc.nist.gov/glossary/term/impersonation

Topics

#impersonation#pretexting#social engineering#physical intrusion

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice