Which term describes social engineering that uses a fabricated scenario to obtain sensitive information?

Prepare for the EC-Council Certified Ethical Hacker (CEH) Exam. Use flashcards and multiple-choice questions with hints and explanations. Enhance your cyber security knowledge and get ready for the exam!

Multiple Choice

Which term describes social engineering that uses a fabricated scenario to obtain sensitive information?

Explanation:
Creating a plausible scenario or persona to coax someone into revealing sensitive information is pretexting. The attacker adopts a believable role—like IT support, a bank employee, or a coworker—and uses that story to persuade the target to disclose credentials, security answers, or other data, or to perform actions that compromise security. The tactic works because the target accepts the situation as legitimate and relays information or access under the assumed pretext.

This differs from phishing, which relies on fake messages or websites to harvest data rather than on a pretext carried out in person or by voice. It also differs from shoulder surfing, which is simply watching someone enter their credentials, and from quid pro quo, where something is offered in exchange for information rather than a constructed scenario being used to elicit it.
