Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

In a recent social engineering attack, the attacker found an employee of the target company at his gym and struck up a friendship there for several months before trying to slowly extract sensitive corporate information from the employee. What principle of social engineering is the attacker trying to exploit?
A. Urgency
B. Authority
C. Familiarity
D. Consensus
Correct Answer: C
This is a clear example of familiarity and liking. The attacker built up a relationship over time with the employee until they had a strong bond. He then leveraged that relationship to slowly extract information from the target.