29 Jun Practice Test Question- Physical Attacks
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Twyla recently completed an assessment of her organization’s call center and found that representatives discard paper notes from their calls with customers without shredding. What type of social engineering attack does this practice make her organization vulnerable to?
A. Dumpster diving
B. Shoulder surfing
Correct Answer: A
Discarding notes containing customer information leaves the organization vulnerable to a dumpster diving attack where the attacker retrieves those records from the trash. Twyla should ensure that her organization shreds these records before discarding them. In a shoulder surfing attack, the attacker views a user’s computer while they are entering or viewing sensitive information. Tailgating attacks seek to gain access to physical facilities by following an authorized user. Skimming attacks seek to gain credit card numbers by attaching false readers to legitimate credit card acceptance units.