nerdexam
(ISC)2

CISSP · Question #40

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the atta

The correct answer is C. Social engineering. Social engineering is the method of information gathering that the attacker has used while impersonating an ISO and obtaining information from company employees about their User IDs and passwords. Social engineering is a technique of manipulating or deceiving people into revealin

Submitted by rania.sa· Mar 5, 2026Security and Risk Management

Question

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

Options

  • ATrusted path
  • BMalicious logic
  • CSocial engineering
  • DPassive misuse

How the community answered

(40 responses)
  • A
    5% (2)
  • C
    93% (37)
  • D
    3% (1)

Explanation

Social engineering is the method of information gathering that the attacker has used while impersonating an ISO and obtaining information from company employees about their User IDs and passwords. Social engineering is a technique of manipulating or deceiving people into revealing confidential or sensitive information, or performing actions that compromise the security of an organization or a system. Social engineering can exploit the human factors, such as trust, curiosity, fear, or greed, to influence the behavior or judgment of the target. Social engineering can take various forms, such as phishing, baiting, pretexting, or impersonation. Trusted path, malicious logic, and passive misuse are not methods of information gathering that the attacker has used, as they are related to different aspects of security or attack.

Topics

#social engineering#impersonation#credential theft

Community Discussion

No community discussion yet for this question.

Full CISSP Practice