312-50V13 · Question #245
Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while po
The correct answer is A. Social engineering. Explanation Option A (Social Engineering) is correct because Sam is using psychological manipulation tactics - specifically fake phone calls (vishing) and phishing emails - to deceive an employee into revealing AWS IAM credentials, which is the hallmark definition of social engin
Question
Options
- ASocial engineering
- Binsider threat
- CPassword reuse
- DReverse engineering
How the community answered
(41 responses)- A88% (36)
- B7% (3)
- C2% (1)
- D2% (1)
Explanation
Explanation
Option A (Social Engineering) is correct because Sam is using psychological manipulation tactics - specifically fake phone calls (vishing) and phishing emails - to deceive an employee into revealing AWS IAM credentials, which is the hallmark definition of social engineering.
The distractors are wrong for these reasons:
- B (Insider Threat) refers to a malicious or negligent current employee/contractor within the organization - Sam is an external attacker, not an insider
- C (Password Reuse) involves exploiting credentials used across multiple platforms, which is not described in the scenario
- D (Reverse Engineering) involves analyzing software/systems to uncover vulnerabilities or logic, with no human manipulation component
Memory Tip: Think of social engineering as "hacking the human" - any time an attacker uses deception, impersonation, or psychological tricks (calls, emails, pretexting) to steal credentials rather than exploiting technical vulnerabilities, it's social engineering. The key giveaway words are "fake calls," "posing as," and "phishing emails."
Topics
Community Discussion
No community discussion yet for this question.