PrepAway - Latest Free Exam Questions & Answers

which of the following attack methods?

The information security policy that states ‘each individual must have their badge read at every
controlled door’ addresses which of the following attack methods?

A. Piggybacking

B. Shoulder surfing

C. Dumpster diving

D. Impersonation

Explanation:

Piggybacking refers to unauthorized persons following authorized persons, either physically or
virtually, into restricted areas. This policy addresses the polite behavior problem of holding doors
open for a stranger: if every employee must have their badge read at every controlled door, no
unauthorized person could enter the sensitive area. Looking over the shoulder of a user to obtain
sensitive information could be done by an unauthorized person who has gained access to areas
using piggybacking, but this policy specifically refers to physical access control. Shoulder surfing
would not be prevented by the implementation of this policy. Dumpster diving, looking through an
organization’s trash for valuable information, could be done outside the company’s physical
perimeter; therefore, this policy would not address this attack method. Impersonation refers to a
social engineer acting as an employee, trying to retrieve the desired information. Some forms of
social engineering attacks could combine an impersonation attack and piggybacking, but this
information security policy does not address the impersonation attack.

