Certified Ethical Hacker (CEH v12) — Question 176

During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target's Internet infrastructure details (domains, DNS names, Netblocks, IP address information). The hacker decides to use social engineering techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?

Answer options

• A. Dumpster diving in the target company's trash bins for valuable printouts
• B. Impersonating an ISP technical support agent to trick the target into providing further network details
• C. Shoulder surfing to observe sensitive credentials input on the target’s computers
• D. Eavesdropping on internal corporate conversations to understand key topics

Correct answer: C

Explanation

Shoulder surfing, while a valid social engineering technique, is the least likely method to yield beneficial information in this context since it relies on being physically present to witness credentials being entered. In contrast, dumpster diving, impersonation, and eavesdropping can provide direct access to sensitive information or insights related to the target organization that may not be available through observation alone.