Physical documents must be incinerated after a set retention period is reached. Which of the
following attacks does this action remediate?

A.
Shoulder Surfing

B.
Dumpster Diving

C.
Phishing

D.
Impersonation

Explanation:
Incinerating documents (or shredding documents) instead of throwing them into a bin will prevent
people being able to read the documents to view sensitive information.
Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash
container.) In the world of information technology, dumpster diving is a technique used to retrieve
information that could be used to carry out an attack on a computer network. Dumpster diving isn’t
limited to searching through the trash for obvious treasures like access codes or passwords
written down on sticky notes. Seemingly innocent information like a phone list, calendar, or
organizational chart can be used to assist an attacker using social engineering techniques to gain
access to the network. To prevent dumpster divers from learning anything valuable from your
trash, experts recommend that your company establish a disposal policy where all paper, including
print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased,
and all staff is educated about the danger of untracked trash.