312-50V9 · Question #473
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and
The correct answer is B. Tailgating. Tailgating is the physical security attack where an unauthorized person follows an authorized individual through a secured entry point without using their own credentials.
Question
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?
Options
- AMan trap
- BTailgating
- CShoulder surfing
- DSocial engineering
How the community answered
(56 responses)- A5% (3)
- B86% (48)
- C2% (1)
- D7% (4)
Why each option
Tailgating is the physical security attack where an unauthorized person follows an authorized individual through a secured entry point without using their own credentials.
A man trap is a physical security countermeasure consisting of a small room with two interlocking doors designed to prevent tailgating - it is a defensive control, not an attack technique.
Tailgating, sometimes called piggybacking, occurs when an attacker exploits the social norm of holding a door open by physically following an authenticated employee through an access-controlled entry. The consultant in the scenario bypassed the main access gate without presenting credentials by staying close behind the authorized employee. This technique targets physical access controls rather than technical ones and is a common first step in on-site penetration tests.
Shoulder surfing involves observing someone's screen, keyboard, or PIN entry to steal credentials or sensitive information and requires line-of-sight, not unauthorized physical entry.
Social engineering is a broad category of attacks that manipulate people psychologically; while tailgating can involve a social element, the specific action of physically following someone through a gate is classified as tailgating.
Concept tested: Physical security attack - tailgating access control bypass
Source: https://www.cisa.gov/sites/default/files/publications/CISA_Insider_Threat_Mitigation_Guide_508.pdf
Topics
Community Discussion
No community discussion yet for this question.