CISA Certified Information Systems Auditor – Question1448

The information security policy that states 'each individual must have their badge read at every controlled door' addresses which of the following attack methods?

A.
Piggybacking
B. Shoulder surfing
C. Dumpster diving
D. Impersonation

Correct Answer: A

Explanation:

Explanation:
Piggybacking refers to unauthorized persons following authorized persons, either physically or virtually, into restricted areas. This policy addresses the polite behavior problem of holding doors open for a stranger, if every employee must have their badge read at every controlled door no unauthorized person could enter the sensitive area. Looking over the shoulder of a user to obtain sensitive information could be done by an unauthorized person who has gained access to areas using piggybacking, but this policy specifically refers to physical access control. Shoulder surfing would not be prevented by the implementation of this policy. Dumpster diving, looking through an organization’s trash for valuable information, could be done outside the company’s physical perimeter; therefore, this policy would not address this attack method. Impersonation refers to a social engineer acting as an employee, trying to retrieve the desired information. Some forms of social engineering attacks could join an impersonation attack and piggybacking, but this information security policy does not address the impersonation attack.