nerdexam
EC-Council

312-50V11 · Question #696

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking d

The correct answer is B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or. When technical defenses are impenetrable, social engineering - targeting disgruntled or careless insiders - is the most effective attack vector against a highly secured system.

Social Engineering

Question

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

Options

  • ALook for "zero-day" exploits at various underground hacker websites in Russia and China and buy
  • BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or
  • CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000
  • DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn

How the community answered

(25 responses)
  • A
    8% (2)
  • B
    44% (11)
  • C
    32% (8)
  • D
    16% (4)

Why each option

When technical defenses are impenetrable, social engineering - targeting disgruntled or careless insiders - is the most effective attack vector against a highly secured system.

ALook for "zero-day" exploits at various underground hacker websites in Russia and China and buy

Purchasing zero-day exploits is expensive and unreliable, and a specific exploit for a particular high-security mainframe configuration may not exist, making it far less practical than targeting human insiders.

BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid orCorrect

Social engineering exploits the human element rather than technical vulnerabilities, making it effective even when all technical controls are in place. A poorly-paid or disgruntled bank employee may willingly or unwittingly reveal credentials, access procedures, or sensitive information when approached casually in a social setting. This technique, known as elicitation or pretexting, bypasses firewalls, IDS, and all other technical safeguards entirely.

CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000

A DDoS attack against routers and firewalls would disrupt network availability but would not grant unauthorized access to the internal mainframe system itself.

DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn

A Man-in-the-Middle attack requires the ability to intercept network traffic, which is unlikely to be feasible against a physically isolated and highly secured mainframe environment.

Concept tested: Social engineering against physically secure systems

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#social engineering#insider threat#physical security#impenetrable systems

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice