Which of the following are types of social engineering attacks?
Each correct Answer represents a complete solution. Choose two.

A.
An unauthorized person gains entrance to the building where the company’s database server
resides and accesses the server by pretending to be an employee.

B.
An unauthorized person inserts an intermediary software or program between two
communicating hosts to listen to and modify the communication packets passing between the
two hosts.

C.
An unauthorized person calls a user and pretends to be a system administrator in order to get
the user’s password.

D.
An unauthorized person modifies packet headers by using someone else’s IP address to
his identity.

Explanation:

Following are the types of social engineering attacks:
1.An unauthorized person calls a user and pretends to be a system administrator in order to get the
user’s password.
2.An unauthorized person gains entrance to the building where the company’s database server
resides and accesses the server by pretending to be an employee.
A social engineering attack is based on misleading users or administrators at the target site. Social
engineering attacks are usually carried out by telephoning users or operators and pretending to be
an authorized user in order to gain unauthorized access to systems. Answer option D is incorrect.
Spoofing is a technique that makes a transmission appear to have come from an authentic source by
forging the
IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using
someone else’s IP address to his identity. However, spoofing cannot be used while surfing the
Internet, chatting on-line, etc. because forging the source IP address causes the responses to be
misdirected.