Ethical Hacking Essentials Practice Test

When an outsider compromises an insider to gain access to sensitive material, what is this situation referred to as?

• A. Compromised insider
• B. Malicious insider
• C. Social engineering
• D. Negligent insider

The correct answer is: Compromised insider

The situation described, where an outsider compromises an insider to gain access to sensitive material, is best referred to as a "Compromised insider". This term specifically encompasses scenarios in which an external threat actor manipulates or coerces an insider, often through tactics like social engineering, to reach sensitive information or systems. This phenomenon highlights the vulnerabilities organizations face not only from external attacks but also from their internal personnel who may be exploited. Understanding this concept is crucial in ethical hacking and information security because it emphasizes the importance of insider threat assessments and the training of employees to recognize and resist manipulation tactics. In contrast, the other terms address different contexts: social engineering primarily pertains to the methods used to deceive individuals into divulging information, and while it can be a part of how an outsider compromises an insider, it does not encapsulate the entire scenario. A "malicious insider" refers to someone with legitimate access who intentionally misuses their access for harmful purposes, while a "negligent insider" indicates a person who inadvertently causes a security breach due to carelessness, rather than direct manipulation by an outside party. Thus, “Compromised insider” is the most accurate term for the situation described.