GIAC Certified Enterprise Defender (GCED) — Question 8

Michael, a software engineer, added a module to a banking customers code. The new module deposits small amounts of money into his personal bank account.
Michael has access to edit the code, but only code reviewers have the ability to commit modules to production. The code reviewers have a backlog of work, and are often willing to trust the software developers testing and confidence in the code.
Which technique is Michael most likely to engage to implement the malicious code?

Answer options

• A. Denial of Service
• B. Race Condition
• C. Phishing
• D. Social Engineering

Correct answer: C

Explanation

The correct answer is C, Phishing, as Michael could trick someone into giving him access to commit his malicious code. Denial of Service is aimed at disrupting services, Race Condition pertains to timing issues in concurrent processes, and Social Engineering involves manipulating individuals, but in this case, Michael's approach aligns more closely with Phishing since he needs to deceive reviewers into trusting his changes.