312-50V13 · Question #262
Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive,
The correct answer is D. impersonation. Ralph used impersonation to gain physical access to Jane's company by pretending to be a legitimate customer support executive and technician.
Question
Options
- ADumpster diving
- BEavesdropping
- CShoulder surfing
- Dimpersonation
How the community answered
(30 responses)- A3% (1)
- B10% (3)
- C3% (1)
- D83% (25)
Why each option
Ralph used impersonation to gain physical access to Jane's company by pretending to be a legitimate customer support executive and technician.
Dumpster diving involves sifting through trash or discarded items to find sensitive information, which Ralph did as a *secondary* action (`rummaging bins`), but the primary attack technique to *gain entry* was not dumpster diving.
Eavesdropping is secretly listening to private conversations, which is not the primary method Ralph used to gain entry or information.
Shoulder surfing involves directly observing someone entering sensitive data (like passwords) on a keyboard or screen, which is not the main technique used to gain access to the premises.
Ralph's initial action of contacting Jane 'while masquerading as a legitimate customer support executive' and then sending himself in as a 'computer technician' directly falls under impersonation. This social engineering tactic involves pretending to be someone else to gain trust, access, or information, which Ralph successfully did to enter the company and collect sensitive data.
Concept tested: Social engineering; impersonation
Source: https://www.cisa.gov/resources-tools/resources/social-engineering-attacks-tips-avoid-falling-victim
Topics
Community Discussion
No community discussion yet for this question.