EC-Council
312-50V9 · Question #473
312-50V9 Question #473: Real Exam Question with Answer & Explanation
The correct answer is B: Tailgating. Tailgating is the physical security attack where an unauthorized person follows an authorized individual through a secured entry point without using their own credentials.
Question
A consultant is hired to do physical penetration testing at a large financial company. On the first day of his assessment, the consultant goes to the company's building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then follows closely behind the employee to get into the restricted area. Which type of attack did the consultant perform?
Options
- A. Man trap
- B. Tailgating
- C. Shoulder surfing
- D. Social engineering
Explanation
Tailgating is the physical security attack where an unauthorized person follows an authorized individual through a secured entry point without using their own credentials. In the scenario, the consultant never presents a badge or token of his own; he waits for an employee to open the main access gate and slips through behind them, which is exactly this technique (the electrician disguise only makes the follow-through less likely to be challenged).
Common mistakes.
- A. A man trap is a physical security countermeasure consisting of a small room with two interlocking doors designed to prevent tailgating - it is a defensive control, not an attack technique.
- C. Shoulder surfing involves observing someone's screen, keyboard, or PIN entry to steal credentials or sensitive information and requires line-of-sight, not unauthorized physical entry.
- D. Social engineering is a broad category of attacks that manipulate people psychologically; while tailgating can involve a social element, the specific action of physically following someone through a gate is classified as tailgating.
Concept tested. Physical security attacks - bypassing access control by tailgating
Reference. https://www.cisa.gov/sites/default/files/publications/CISA_Insider_Threat_Mitigation_Guide_508.pdf