A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?
A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues
B. Posing as a copier service technician and indicating the equipment had “phoned home” to alert the technician for a service call
C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed
D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility
A would be a pretexting social engineering attempt. Therefore B would seem to be the only physical assessment.
Key point – physical security assessment (as in compromising the physical environment, not hacking), so everything that involves using credentials goes out (i.e. it’s not A).
C is ridiculous, D can get you in prison 🙂
So yeah – B
B IMO. A is not a physical assessment.
C/D are just missing a 3D-printed mask of an employee and they could be in Mission Impossible ;).
I would go with B just because the question states “physical assessment”.
I would agree with Answer A