PrepAway - Latest Free Exam Questions & Answers

Which of the following attacks occurred LAST?

Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the
building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to
change it. Which of the following attacks occurred LAST?

A. Phishing

B. Shoulder surfing

C. Impersonation

D. Tailgating

Explanation:
Two attacks took place in this question. The first attack was shoulder surfing. This was the act of Sara
recording a person typing in their ID number into a keypad to gain access to the building.
The second attack was impersonation. Sara called the helpdesk and used the PIN to impersonate the
person she recorded.
Incorrect Answers:
A: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into surrendering private information that will be used for
identity theft.
A phishing email will direct the user to visit a website where they are asked to update personal information,
such as a password, credit card, social security, or bank account numbers, that the legitimate organization
already has. The website, however, is bogus and set up only to steal the information the user enters on
the page.
Phishing emails are blindly sent to thousands, if not millions, of recipients. By spamming large groups of
people, the “phisher” counts on the email being read by a percentage of people who actually have an
account with the legitimate company being spoofed in the email and corresponding webpage.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait
is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
No examples of phishing occurred in this question.
B: Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to
get information. Shoulder surfing is an effective way to get information in crowded places because it’s
relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM,
or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with
the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend
that you shield paperwork or your keypad from view by using your body or cupping your hand. Shoulder
surfing was the first attack in this question. This was the act of Sara recording a person typing in their ID
number into a keypad to gain access to the building.
D: Just as a driver can tailgate another driver’s car by following too closely, in the security sense, tailgating
means to compromise physical security by following somebody through a door meant to keep out
intruders. Tailgating is actually a form of social engineering, whereby someone who is not authorized to
enter a particular area does so by following closely behind someone who is authorized.
No examples of tailgating occurred in this question.


