312-50V13 Question #245: Real Exam Question with Answer & Explanation

Question

Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

Options

• ASocial engineering
• Binsider threat
• CPassword reuse
• DReverse engineering

Explanation

Explanation

Option A (Social Engineering) is correct because Sam is using psychological manipulation tactics - specifically fake phone calls (vishing) and phishing emails - to deceive an employee into revealing AWS IAM credentials, which is the hallmark definition of social engineering.

The distractors are wrong for these reasons:

• B (Insider Threat) refers to a malicious or negligent current employee/contractor within the organization - Sam is an external attacker, not an insider
• C (Password Reuse) involves exploiting credentials used across multiple platforms, which is not described in the scenario
• D (Reverse Engineering) involves analyzing software/systems to uncover vulnerabilities or logic, with no human manipulation component

Memory Tip: Think of social engineering as "hacking the human" - any time an attacker uses deception, impersonation, or psychological tricks (calls, emails, pretexting) to steal credentials rather than exploiting technical vulnerabilities, it's social engineering. The key giveaway words are "fake calls," "posing as," and "phishing emails."

No community discussion yet for this question.