Ethical Hacking Essentials Practice Test

Which type of social engineering attack often involves tricking individuals by posing as a trusted official?

• A. Impersonation
• B. Piggybacking
• C. Eavesdropping
• D. Phishing

The correct answer is: Impersonation

Impersonation is a type of social engineering attack where the attacker presents themselves as a trusted official or authority figure to deceive individuals into divulging confidential information or performing actions that compromise security. This method relies heavily on the target's trust and willingness to comply with requests coming from someone they believe is legitimate. For example, an attacker might pose as an IT technician or a company executive, using social norms and the power of authority to manipulate individuals into sharing sensitive data, such as passwords or access to secure areas. The other options reflect different tactics used in social engineering. Piggybacking involves an unauthorized person gaining access to a secure area by following an authorized person, leveraging their access rather than pretending to be someone else. Eavesdropping pertains to listening in on private conversations or communications to gain information without consent. Phishing typically involves fraudulent attempts to acquire sensitive information through deceptive emails or messages, usually not requiring direct impersonation of a person in authority but instead often masquerading as a legitimate organization. Each of these concepts highlights different methodologies within the broader social engineering landscape, but impersonation specifically focuses on the act of deception through false identity.