New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 ISSAP Exam - Topic 4 Question 21 Discussion

Actual exam question for ISC2's ISSAP exam
Question #: 21
Topic #: 4
[All ISSAP Questions]

In which of the following Person-to-Person social engineering attacks does an attacker pretend to be an outside contractor, delivery person, etc., in order to gain physical access to the organization?

Show Suggested Answer Hide Answer
Suggested Answer: C

Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone else, for example, the employee's

friend, a repairman, or a delivery person.

In Person Attack: In this attack, the attacker just visits the organization and collects information. To accomplish such an attack, the

attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client or a new worker.

Important User Posing: In this attack, the attacker pretends to be an important member of the organization. This attack works

because there is a common belief that it is not good to question authority.

Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the approval of a third party. This

works because people believe that most people are good and they are being truthful about what they are saying.


by Mollie at May 08, 2022, 07:42 AM

Limited Time Offer

25%

Off

Get Premium ISSAP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dustin
4 months ago
Totally agree with C, it's all about pretending to be someone else!
upvoted 0 times
...
Odette
4 months ago
Wait, are we sure it's not B? That sounds plausible.
upvoted 0 times
...
Aaron
4 months ago
C makes the most sense, but A could fit too.
upvoted 0 times
...
Jaleesa
4 months ago
I think it's A, in-person attacks are super common!
upvoted 0 times
...
Felicitas
5 months ago
Definitely C, that's the classic impersonation tactic.
upvoted 0 times
...
Margart
5 months ago
I vaguely recall that third-party authorization attacks involve gaining access through someone else’s permission, so I don’t think that’s it.
upvoted 0 times
...
Argelia
5 months ago
I’m a bit confused; I thought in-person attacks were more about direct interaction, but this seems to fit that description too.
upvoted 0 times
...
Tu
5 months ago
I remember practicing a question about social engineering tactics, and I feel like pretending to be a contractor fits the definition of an impersonation attack.
upvoted 0 times
...
Lizette
5 months ago
I think this might be related to impersonation attacks, but I'm not entirely sure if that's the exact term used.
upvoted 0 times
...
Gwen
5 months ago
Based on my understanding, HPE Composer can manage the Synergy compute modules and the Virtual Connect modules. Those seem to be the two correct answers here.
upvoted 0 times
...
Ling
5 months ago
Okay, let's see. The question is asking about performance management capabilities, so I'm guessing options like "Goals" and "Competencies" are likely to be correct. I'll select those and see if I can come up with one more.
upvoted 0 times
...
Kirk
5 months ago
Hmm, not sure about this one. I'd probably start by assessing the budget impact, since that's going to be a key consideration in how we approach the new requirement.
upvoted 0 times
...

Save Cancel