
GSLC Question #20: Real Exam Question with Answer & Explanation

The correct answers are A and D: (A) "An unauthorized person calls a user and pretends to be a system administrator in order to get the" and (D) "An unauthorized person gains entrance to the building where the company's database server resides". Social engineering attacks manipulate people through deception or physical means rather than exploiting technical vulnerabilities.

Question

Which of the following are types of social engineering attacks? Each correct answer represents a complete solution. Choose two.

Options

  • A. An unauthorized person calls a user and pretends to be a system administrator in order to get the
  • B. An unauthorized person inserts an intermediary software or program between two communicating
  • C. An unauthorized person modifies packet headers by using someone else's IP address to hide his
  • D. An unauthorized person gains entrance to the building where the company's database server resides

Explanation

Social engineering attacks manipulate people through deception or physical means rather than exploiting technical vulnerabilities.

Common mistakes.

  • B. Inserting intermediary software between two communicating parties describes a man-in-the-middle attack, which is a technical network-based attack, not a social engineering attack.
  • C. Modifying packet headers using someone else's IP address describes IP spoofing, which is a technical attack exploiting network protocols, not a manipulation of human behavior.

Concept tested. Social engineering attack types - pretexting and tailgating

Reference. https://www.cisa.gov/resources-tools/resources/social-engineering-attacks
