PrepAway - Latest Free Exam Questions & Answers

Which of the following does this describe?

At the outside break area, an employee, Ann, asked another employee to let her into the building
because her badge is missing. Which of the following does this describe?

A. Shoulder surfing

B. Tailgating

C. Whaling

D. Impersonation

Explanation:
Although Ann is an employee and therefore authorized to enter the building, she does not have her
badge and therefore, strictly speaking, she should not be allowed to enter the building.

Just as a driver can tailgate another driver’s car by following too closely, in the security sense, tailgating
means to compromise physical security by following somebody through a door meant to keep out
intruders. Tailgating is actually a form of social engineering, whereby someone who is not authorized to
enter a particular area does so by following closely behind someone who is authorized.

Incorrect Answers:
A: Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to
get information. Shoulder surfing is an effective way to get information in crowded places because it’s
relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM
machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with
the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend
that you shield paperwork or your keypad from view by using your body or cupping your hand.
Incinerating documents will not prevent shoulder surfing. Ann is not trying to view sensitive information.
Therefore this answer is incorrect.
C: Whaling is a specific kind of malicious hacking within the more general category of phishing, which
involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on
collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or
others in powerful positions or job titles.
Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar
metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those
who are engaged in whaling may, for example, hack into specific networks where these powerful
individuals work or store sensitive data. They may also set up keylogging or other malware on a
workstation associated with one of these executives. There are many ways that hackers can pursue whaling,
leading C-level or top-level executives in business and government to stay vigilant about the possibility of
cyber threats. There is no malicious intent by Ann entering the building. Therefore this answer is
incorrect.
D: Impersonation is where a person, computer, software application or service pretends to be someone
it’s not. Impersonation is commonly used non-maliciously in client/server applications. However, it can
also be used as a security threat. Ann is not trying to ‘impersonate’ someone else. Therefore this answer
is incorrect.

