PrepAway - Latest Free Exam Questions & Answers

Which of the following is the administrator using to gain access to the server room?

A security administrator forgets their card to access the server room. The administrator asks a coworker if
they could use their card for the day. Which of the following is the administrator using to gain access to
the server room?


A. Man-in-the-middle

B. Tailgating

C. Impersonation

D. Spoofing

Explanation:
Impersonation is where a person, computer, software application or service pretends to be someone or
something it’s not. Impersonation is commonly used non-maliciously in client/server applications.
However, it can also be used as a security threat.
In this question, by using the coworker’s card, the security administrator is ‘impersonating’ the coworker.
The server room locking system and any logging systems will ‘think’ that the coworker has entered the
server room.
Incorrect Answers:
A: In cryptography and computer security, a man-in-the-middle attack is an attack where the attacker
secretly relays and possibly alters the communication between two parties who believe they are directly
communicating with each other. One example is active eavesdropping, in which the attacker makes
independent connections with the victims and relays messages between them to make them believe they
are talking directly to each other over a private connection, when in fact the entire conversation is
controlled by the attacker. The attacker must be able to intercept all relevant messages passing between
the two victims and inject new ones. This is straightforward in many circumstances; for example, an
attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a
man-in-the-middle. This is not what is described in this question.
B: Just as a driver can tailgate another driver’s car by following too closely, in the security sense, tailgating
means to compromise physical security by following somebody through a door meant to keep out
intruders. Tailgating is actually a form of social engineering, whereby someone who is not authorized to
enter a particular area does so by following closely behind someone who is authorized. If the security
administrator had followed the co-worker into the server room, that would be an example of tailgating.
However, borrowing the co-worker’s card is not tailgating.
D: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource
locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone.
Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is
sent with a falsified “From:” entry to try to trick victims into believing that the message is from a friend,
their bank, or some other legitimate source. Any email that claims it requires your password or any personal
information could be a trick. If the security administrator had created a card the same as the co-worker’s
card, that could be an example of spoofing. However, borrowing the co-worker’s card is not spoofing.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
http://www.yourdictionary.com/tailgating

