When conducting a risk assessment, which one of the following is NOT an acceptable social
engineering practice?
A. Shoulder surfing
B. Misrepresentation
C. Subversion
D. Dumpster diving
Explanation:
Shoulder Surfing: Attackers can thwart confidentiality mechanisms by network monitoring,
shoulder surfing, stealing password files, and social engineering. These topics will be addressed
in more depth in later chapters, but shoulder surfing is when a person looks over another person’s
shoulder and watches keystrokes or data as it appears on the screen. Social engineering is
tricking another person into sharing confidential information by posing as an authorized individual
to that information. Shon Harris: CISSP Certification pg. 63. Shoulder surfing is not social
engineering.
Where does Ms Harris say in the quote from her that Shoulder Surfing is not an ‘acceptable social engineering practice’ but misrepresentation and subversion are?
Dumpster diving is not social engineering either…
In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network.
Social engineering can range from simple lying (such as a false description of the
function of a file), to bullying and intimidation (to pressure a low-level employee into
disclosing information), to association with a trusted source (such as the username from
an infected machine), to dumpster diving (to find potentially valuable information people
have carelessly discarded), to shoulder surfing (to find out personal identification
numbers and passwords).
I am outta here