nerdexam
EC-Council

312-50V13 · Question #262

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive,

The correct answer is D. impersonation. Ralph used impersonation to gain physical access to Jane's company by pretending to be a legitimate customer support executive and technician.

Submitted by jaden.t· Mar 6, 2026Social Engineering

Question

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?

Options

  • ADumpster diving
  • BEavesdropping
  • CShoulder surfing
  • Dimpersonation

How the community answered

(30 responses)
  • A
    3% (1)
  • B
    10% (3)
  • C
    3% (1)
  • D
    83% (25)

Why each option

Ralph used impersonation to gain physical access to Jane's company by pretending to be a legitimate customer support executive and technician.

ADumpster diving

Dumpster diving involves sifting through trash or discarded items to find sensitive information, which Ralph did as a *secondary* action (`rummaging bins`), but the primary attack technique to *gain entry* was not dumpster diving.

BEavesdropping

Eavesdropping is secretly listening to private conversations, which is not the primary method Ralph used to gain entry or information.

CShoulder surfing

Shoulder surfing involves directly observing someone entering sensitive data (like passwords) on a keyboard or screen, which is not the main technique used to gain access to the premises.

DimpersonationCorrect

Ralph's initial action of contacting Jane 'while masquerading as a legitimate customer support executive' and then sending himself in as a 'computer technician' directly falls under impersonation. This social engineering tactic involves pretending to be someone else to gain trust, access, or information, which Ralph successfully did to enter the company and collect sensitive data.

Concept tested: Social engineering; impersonation

Source: https://www.cisa.gov/resources-tools/resources/social-engineering-attacks-tips-avoid-falling-victim

Topics

#social engineering#impersonation#physical security#information gathering

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice