1 vote
A penetration tester has been contracted to conduct a physical assessment of a site.

Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?

A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues

B. Posing as a copier service technician and indicating the equipment had "phoned home" to alert the technician for a service call

C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed

D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility

1 Answer

6 votes

Final answer:

Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility is the most plausible method of social engineering during a physical assessment.

Step-by-step explanation:

The most plausible method of social engineering to be conducted during a physical assessment of a site would be:

D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility

This method involves using deception to gain unauthorized access to a facility by posing as a law enforcement officer. By impersonating an authority figure, the social engineer can manipulate employees into granting them access, bypassing security measures.

Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing, spear phishing, and CEO Fraud are all examples.

As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims.

by User Rui Nian (7.1k points)