nerdexam
EC-Council

312-50V9 · Question #473

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and

The correct answer is B. Tailgating. Tailgating is the physical security attack where an unauthorized person follows an authorized individual through a secured entry point without using their own credentials.

Social Engineering

Question

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

Options

  • AMan trap
  • BTailgating
  • CShoulder surfing
  • DSocial engineering

How the community answered

(56 responses)
  • A
    5% (3)
  • B
    86% (48)
  • C
    2% (1)
  • D
    7% (4)

Why each option

Tailgating is the physical security attack where an unauthorized person follows an authorized individual through a secured entry point without using their own credentials.

AMan trap

A man trap is a physical security countermeasure consisting of a small room with two interlocking doors designed to prevent tailgating - it is a defensive control, not an attack technique.

BTailgatingCorrect

Tailgating, sometimes called piggybacking, occurs when an attacker exploits the social norm of holding a door open by physically following an authenticated employee through an access-controlled entry. The consultant in the scenario bypassed the main access gate without presenting credentials by staying close behind the authorized employee. This technique targets physical access controls rather than technical ones and is a common first step in on-site penetration tests.

CShoulder surfing

Shoulder surfing involves observing someone's screen, keyboard, or PIN entry to steal credentials or sensitive information and requires line-of-sight, not unauthorized physical entry.

DSocial engineering

Social engineering is a broad category of attacks that manipulate people psychologically; while tailgating can involve a social element, the specific action of physically following someone through a gate is classified as tailgating.

Concept tested: Physical security attack - tailgating access control bypass

Source: https://www.cisa.gov/sites/default/files/publications/CISA_Insider_Threat_Mitigation_Guide_508.pdf

Topics

#tailgating#physical penetration testing#access control bypass#social engineering

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice