(301) When conducting a risk assessment, which one of the following is
NOT an acceptable social engineering practice?
A. Shoulder surfing
B. Misrepresentation
C. Subversion
D. Dumpster diving
Correct Answer: A
Explanation/Reference:
Shoulder Surfing: Attackers can thwart
confidentiality mechanisms by network monitoring, shoulder surfing, stealing
password files, and social engineering. These topics will be addressed more
in-depth in later chapters, but shoulder surfing is when a person looks over
another person's shoulder and watches keystrokes or data as it appears on the
screen. Social engineering is tricking another person into sharing confidential
information by posing as an authorized individual to that information. Shon
Harris: CISSP Certification pg. 63. Shoulder surfing is not social engineering.
- Muhammad Idham Azhari