PrepAway - Latest Free Exam Questions & Answers


The information security policy that states ‘each individual must have their badge read at every controlled door’
addresses which of the following attack methods?


A. Piggybacking

B. Shoulder surfing

C. Dumpster diving

D. Impersonation

Explanation:
Piggybacking refers to unauthorized persons following authorized persons, either physically or virtually, into
restricted areas. This policy addresses the polite-behavior problem of holding doors open for a stranger: if every
employee must have their badge read at every controlled door, no unauthorized person could enter the sensitive
area. Looking over the shoulder of a user to obtain sensitive information could be done by an unauthorized
person who has gained access to areas using piggybacking, but this policy specifically refers to physical access
control. Shoulder surfing would not be prevented by the implementation of this policy. Dumpster diving, looking
through an organization’s trash for valuable information, could be done outside the company’s physical
perimeter; therefore, this policy would not address this attack method. Impersonation refers to a social engineer
acting as an employee, trying to retrieve the desired information. Some forms of social engineering attacks
could combine an impersonation attack with piggybacking, but this information security policy does not address the
impersonation attack.

