nerdexam
EC-Council

312-50V9 · Question #613

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking d

The correct answer is B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or. When technical controls make direct exploitation infeasible, social engineering - targeting a human insider - is the most effective method to penetrate a hardened system.

Social Engineering

Question

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

Options

  • ALook for "zero-day" exploits at various underground hacker websites in Russia and China and
  • BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or
  • CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000
  • DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    74% (17)
  • C
    13% (3)
  • D
    9% (2)

Why each option

When technical controls make direct exploitation infeasible, social engineering - targeting a human insider - is the most effective method to penetrate a hardened system.

ALook for "zero-day" exploits at various underground hacker websites in Russia and China and

Zero-day exploits from underground forums may not exist for a specific mainframe platform and still require network-level access, which the question implies is not achievable through conventional hacking.

BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid orCorrect

Hanging around locations near the target organization to identify and cultivate a disgruntled or poorly-paid employee is a classic social engineering technique known as 'insider recruitment.' Because the employee already has authorized access, the attacker bypasses all technical perimeter defenses entirely; no firewall, IDS, or encryption can stop a legitimate insider acting maliciously or negligently.

CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000

A large-scale DDoS against routers and firewalls disrupts availability but does not grant the attacker access to the mainframe's classified data, which is the stated objective.

DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn

A MitM attack requires the attacker to already have a foothold within the network path, which contradicts the premise that conventional network hacking is ineffective against this target.

Concept tested: Social engineering insider recruitment against hardened targets

Source: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

Topics

#social engineering#physical security#insider access#impenetrable systems

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice