(301) When conducting a risk assessment, which one of the following is NOT an acceptable social engineering practice?
A. Shoulder surfing
D. Dumpster diving
Correct Answer: A
Shoulder Surfing: Attackers can thwart confidentiality mechanisms by network monitoring, shoulder surfing, stealing password files, and social engineering. These topics will be address more in-depth in later chapters, but shoulder surfing is when a person looks over another person's shoulder and watches keystrokes or data as it appears on the screen. Social engineering is tricking another person into sharing confidential information by posing as an authorized individual to that information. Shon Harris: CISSP Certification pg. 63. Shoulder surfing is not social engineering.
- Idham Azhari