PrepAway - Latest Free Exam Questions & Answers

Which of the following is the administrator using to ga…

A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room?


A. Man-in-the-middle

B. Tailgating

C. Impersonation

D. Spoofing

Explanation:
Impersonation is where a person, computer, software application or service pretends to be someone or something it is not. Impersonation is commonly used non-maliciously in client/server applications. However, it can also be used as a security threat.
In this question, by using the coworker’s card, the security administrator is ‘impersonating’ the coworker. The server room locking system and any logging systems will ‘think’ that the coworker has entered the server room.
Incorrect Answers:
A: In cryptography and computer security, a man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle. This is not what is described in this question. Therefore, this answer is incorrect.
B: Just as a driver can tailgate another driver’s car by following too closely, in the security sense, tailgating means to compromise physical security by following somebody through a door meant to keep out intruders. Tailgating is actually a form of social engineering, whereby someone who is not authorized to enter a particular area does so by following closely behind someone who is authorized. If the security administrator had followed the co-worker into the server room, that would be an example of tailgating. However, borrowing the co-worker’s card is not tailgating. Therefore, this answer is incorrect.
D: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone.
Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is sent with a falsified “From:” entry to try to trick victims into believing that the message is from a friend, their bank, or some other legitimate source. Any email that claims it requires your password or any personal information could be a trick. If the security administrator had created a card the same as the co-worker’s card, that could be an example of spoofing. However, borrowing the co-worker’s card is not spoofing. Therefore, this answer is incorrect.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

http://www.yourdictionary.com/tailgating

