PrepAway - Latest Free Exam Questions & Answers

Which of the following best describes masquerading?

There are several methods an intruder can use to gain access to company assets. Which of the following best describes masquerading?

PrepAway - Latest Free Exam Questions & Answers

A.
Changing an IP packet’s source address

B.
Elevating privileges to gain access

C.
An attempt to gain unauthorized access as another user

D.
Creating a new authorized user with hacking tools

Explanation:
C: Masquerading is an attempt to gain unauthorized access by impersonating an authorized user. Masquerading is commonly used by attackers carrying out phishing attacks
and has been around for a long time. For example, in 1996 hackers posed as AOL staff members and sent messages to victims asking for their passwords in order to verify
correct billing information or verify information about the AOL accounts. Today, phishers often masquerade as large banking companies and well-known Internet entities like
Amazon.com and eBay. Masquerading is a type of active attack because the attacker is actually doing something instead of sitting back and gathering data.
A is incorrect because changing an IP packet’s source address is an example of masquerading and not a definition of masquerading. IP spoofing is the act of presenting false
information within packets, to trick other systems and hide the origin of the message. This is usually done by hackers so that their identity cannot be successfully uncovered.
B is incorrect because elevating privileges is not part of masquerading. Elevating privileges is often the next step after being able to penetrate a system successfully, but it
does not have anything to do directly with fooling a user or system about the attacker’s true identity.
D is incorrect because masquerading involves commonly posing as an authorized user that already exists in the system the attacker is attempting to access. It is common for
the attacker then to attempt to create a new authorized user account on a compromised system, but successful masquerading has to happen first.


Leave a Reply