nerdexam
Exams312-50V9Questions#613
EC-Council

312-50V9 · Question #613

312-50V9 Question #613: Real Exam Question with Answer & Explanation

The correct answer is B: Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or. When technical controls make direct exploitation infeasible, social engineering - targeting a human insider - is the most effective method to penetrate a hardened system.

Question

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

Options

  • ALook for "zero-day" exploits at various underground hacker websites in Russia and China and
  • BTry to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or
  • CLaunch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000
  • DTry to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn

Explanation

When technical controls make direct exploitation infeasible, social engineering - targeting a human insider - is the most effective method to penetrate a hardened system.

Common mistakes.

  • A. Zero-day exploits from underground forums may not exist for a specific mainframe platform and still require network-level access, which the question implies is not achievable through conventional hacking.
  • C. A large-scale DDoS against routers and firewalls disrupts availability but does not grant the attacker access to the mainframe's classified data, which is the stated objective.
  • D. A MitM attack requires the attacker to already have a foothold within the network path, which contradicts the premise that conventional network hacking is ineffective against this target.

Concept tested. Social engineering insider recruitment against hardened targets

Reference. https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice