ISC2 Exam ISSAP Topic 4 Question 21 Discussion

Actual exam question for ISC2's Information Systems Security Architecture Professional exam

Question #: 21
Topic #: 4

[All Information Systems Security Architecture Professional Questions]

In which of the following Person-to-Person social engineering attacks does an attacker pretend to be an outside contractor, delivery person, etc., in order to gain physical access to the organization?

AIn person attack

BThird-party authorization attack

CImpersonation attack

DImportant user posing attack

Show Suggested Answer

Suggested Answer: C

Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone else, for example, the employee's

friend, a repairman, or a delivery person.

In Person Attack: In this attack, the attacker just visits the organization and collects information. To accomplish such an attack, the

attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client or a new worker.

Important User Posing: In this attack, the attacker pretends to be an important member of the organization. This attack works

because there is a common belief that it is not good to question authority.

Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the approval of a third party. This

works because people believe that most people are good and they are being truthful about what they are saying.

by Mollie at May 08, 2022, 07:42 AM

Limited Time Offer

25%

Off

Get Premium ISSAP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!