312-50V12 Question #198: Real Exam Question with Answer & Explanation

Question

During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target's Internet infrastructure details (domains, DNS names, Netblocks, IP address information). The hacker decides to use social engineering techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?

Options

• ADumpster diving in the target company's trash bins for valuable printouts
• BImpersonating an ISP technical support agent to trick the target into providing further network
• CShoulder surfing to observe sensitive credentials input on the target's computers
• DEavesdropping on internal corporate conversations to understand key topics

Explanation

The question asks which social engineering method is least likely to yield beneficial information given that external network infrastructure details have already been collected through footprinting.

Common mistakes.

• A. Dumpster diving is a physical social engineering method aimed at retrieving discarded sensitive documents, which could contain valuable 'further information' regardless of the initial network footprinting data.
• C. Shoulder surfing is a physical social engineering method used to observe sensitive data like credentials being entered, offering a direct way to gain 'further information' that is not dependent on the initial network footprinting data.
• D. Eavesdropping involves listening to internal corporate conversations, which is a physical social engineering method capable of providing valuable 'further information' about operations, projects, or personnel, irrespective of the initial network footprinting data.

Concept tested. Social engineering effectiveness based on reconnaissance data

No community discussion yet for this question.