Certified Information Systems Auditor (CISA) — Question 1253
Which of the following is a social engineering attack method?
Answer options
- A. A hacker walks around an office building using scanning tools to search for a wireless network to gain access.
- B. An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone.
- C. An unauthorized person attempts to gain access to secure premises by following an authorized person through a secure door.
- D. An intruder eavesdrops and collects sensitive information flowing through the network and sells it to third parties.
Correct answer: B
Explanation
The correct answer is B because it describes the direct manipulation of an individual to extract confidential information, which is characteristic of social engineering. Options A and C describe physical intrusion methods, while option D refers to eavesdropping, which does not involve directly deceiving individuals to obtain information.