A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?
A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues
B. Posing as a copier service technician and indicating the equipment had "phoned home" to alert the technician for a service call
C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed
D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility
It's B: conduct a physical assessment; also, they have asked for a plausible one. Calling the employees is not a part of a physical assessment. Trying an illness will attract too much attention and they will likely send you to a hospital, whereas posing as a police officer is not legal.
I say A. "The definition of plausible is something that is highly likely." It is HIGHLY likely someone would pose as a Help Desk Technician requiring user password to resolve issues. Oldest play in the book, taking a chance of actually going to a site and risking the camera capturing your face is not a good idea and it is NOT plausible.
Definitely B.
A has nothing to do with a physical assessment. B will validate that the site is physically secure--if someone shows up claiming to be a copy technician their job and service order should be validated before they're allowed into the building, probably with a badge and definitely signing in at reception.
As stated earlier, simulating illness would not be an effective strategy and impersonating LEO is highly illegal. There is nothing illegal about pretending to fix copy machines.
The question starts at "Which of the following..." The most plausible method of social engineering would be A from the list. Don't get hung up on the entire question, as the scenario is trying to throw you off. Break the question up.
Posing as a repairman is definitely a form of social engineering. It's specifically a form of social engineering through impersonation. There are many forms of social engineering, but all attempt to gain a level of trust by exploiting a human element to gain access or obtain information.
I only disagree as physical access and social engineering in security are always separated. This question is the only place I have ever seen it as potentially the answer.
I am still sticking with A.
Disagree. Social engineering is manipulating people to gain access to systems/environments. B is 100% the answer. A has nothing to do with a "physical assessment".
I think it's A. Social engineering is the act of posing as a known entity to acquire information. In this case: posing as Helpdesk to gain a password.