nerdexam
CompTIA

SY0-301 · Question #94

Using proximity card readers instead of the traditional key punch doors would help to mitigate:

The correct answer is D. Shoulder surfing. Key punch (PIN pad) doors require a user to visibly type a code, making them vulnerable to shoulder surfing. Proximity card readers eliminate visible code entry, removing the opportunity for an observer to capture credentials.

Threats, vulnerabilities, and mitigations

Question

Using proximity card readers instead of the traditional key punch doors would help to mitigate:

Options

  • AImpersonation
  • BTailgating
  • CDumpster diving
  • DShoulder surfing

How the community answered

(17 responses)
  • A
    12% (2)
  • C
    6% (1)
  • D
    82% (14)

Why each option

Key punch (PIN pad) doors require a user to visibly type a code, making them vulnerable to shoulder surfing. Proximity card readers eliminate visible code entry, removing the opportunity for an observer to capture credentials.

AImpersonation

Impersonation involves pretending to be an authorized user, which proximity cards alone do not prevent since a stolen card can still be used.

BTailgating

Tailgating occurs when an unauthorized person follows an authorized one through a controlled door, and proximity cards do not inherently prevent someone from following closely behind.

CDumpster diving

Dumpster diving involves retrieving discarded physical documents or media and is unrelated to the door access method used.

DShoulder surfingCorrect

Shoulder surfing is the attack where an observer watches someone enter a PIN or password. Proximity cards replace visible PIN entry with a card tap, so there is no code for an attacker to observe. This directly mitigates the risk of credential theft through visual observation at the door.

Concept tested: Physical security controls - shoulder surfing mitigation

Source: https://csrc.nist.gov/glossary/term/shoulder_surfing

Topics

#physical security#shoulder surfing#access control#proximity card

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice