GIAC
GCIH Question #96: Real Exam Question with Answer & Explanation
The correct answer is B: Shoulder surfing attack. Shoulder surfing is the act of covertly observing someone's screen or keystrokes in person to steal credentials or sensitive information.
Reconnaissance, Scanning, and Enumeration
Question
Which of the following types of attacks is often performed by looking surreptitiously at the keyboard or monitor of an employee's computer?
Options
- A. Buffer-overflow attack
- B. Shoulder surfing attack
- C. Man-in-the-middle attack
- D. Denial-of-Service (DoS) attack
Explanation
Shoulder surfing is the act of covertly observing someone's screen or keystrokes in person to steal credentials or sensitive information.
Common mistakes.
- A. A buffer-overflow attack exploits insufficient bounds checking in software memory allocation and has no physical observation component.
- C. A man-in-the-middle attack intercepts network communications between two parties and operates at the network or protocol layer, not through physical observation.
- D. A Denial-of-Service attack floods a target with traffic to exhaust its resources and does not involve observing an employee's physical workspace.
Concept tested. Social engineering - shoulder surfing physical attack
Reference. https://www.imperva.com/learn/application-security/social-engineering-attack/
Topics
#shoulder surfing, #physical security, #social engineering, #information theft