312-50V13 · Question #521
312-50V13 Question #521: Real Exam Question with Answer & Explanation
The correct answer is A: Shoulder surfing to observe sensitive credentials input on the target's computers. Explanation Shoulder surfing (A) is the least likely to yield beneficial information in this context because the hacker has already gathered network infrastructure data (domains, DNS, IP addresses) - shoulder surfing would require physical proximity to the target's premises and w
Question
During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target's Internet infrastructure details (domains, DNS names, Netblocks, IP address information). The hacker decides to use social engineering techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?
Options
- AShoulder surfing to observe sensitive credentials input on the target's computers
- BImpersonating an ISP technical support agent to trick the target into providing further network
- CDumpster diving in the target company's trash bins for valuable printouts
- DEavesdropping on internal corporate conversations to understand key topics
Explanation
Explanation
Shoulder surfing (A) is the least likely to yield beneficial information in this context because the hacker has already gathered network infrastructure data (domains, DNS, IP addresses) - shoulder surfing would require physical proximity to the target's premises and would only capture credentials or on-screen data, which doesn't meaningfully build upon the infrastructure intelligence already collected.
Options B, C, and D are incorrect because they logically extend the value of the collected data: impersonating an ISP agent (B) leverages knowledge of the target's network infrastructure to craft a convincing pretext; dumpster diving (C) could uncover printed network diagrams, IP documentation, or configuration sheets directly related to the infrastructure findings; and eavesdropping (D) could reveal how staff discuss and manage the very systems already mapped.
Memory Tip: Think of it as a "logical next step" rule - social engineering methods that align with the data already collected (network/infrastructure details) are more valuable. Shoulder surfing is a physical observation technique that stands alone and doesn't leverage or expand on infrastructure intelligence, making it the odd one out. Ask yourself: "Does this method use what I already know?"
Topics
Community Discussion
No community discussion yet for this question.