312-50v12 Exam QuestionsBrowse all questions from this exam
Go to Exam

312-50v12 Exam - Question 111

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson’s machine.

What is the social engineering technique Steve employed in the above scenario?

Show Answer
Correct Answer: B

The technique employed in the scenario is quid pro quo. In quid pro quo attacks, an attacker offers something of value, typically some form of assistance or service, in exchange for information or access. In this case, Johnson offered help to prevent a server compromise in exchange for the victim's compliance with his instructions, which led to the installation of malicious files. This matches the definition of quid pro quo, where the attacker expects something in return for his offer of help.

Discussion

11 comments
Sign in to comment
fortinetmasterOption: B
Apr 26, 2023

Correct B: Quid pro quo CEH Book v12 Page 1341 Attackers call numerous random numbers within a company, claiming to be from technical support. They offer their service to end users in exchange for confidential data or login credentials

Vincent_LuOption: C
Jun 29, 2023

A. Diversion theft: A technique involving distraction to commit theft or stealing. B. Quid pro quo: An exchange where one party provides value in return for a benefit. C. Elicitation: Gathering information through skilled questioning or social engineering. D. Phishing: Fraudulent technique using deception to obtain sensitive information.

eli117Option: B
Apr 5, 2023

B. Quid pro quo. In this technique, the attacker offers something of value, in this case, a warning about a compromised server, in exchange for access or information. In this case, Johnson offered to help the victim prevent an attack in progress, but in reality, he was using the opportunity to install malware and steal sensitive information.

sausagemanOption: B
Apr 18, 2023

B. Quid pro quo CEH Book v12 Module 09 Page 905 "Quid pro quo is a Latin phrase that meaning “something for something.” In this technique, attackers keep calling random numbers within a company, claiming to be calling from technical support. This is a baiting technique where attackers offer their service to end-users in exchange of confidential data or login credentials."

jeremy13Option: B
May 3, 2023

same page as fortinetmaster => yeah we have the same book ;-)

Attila777Option: C
Oct 18, 2023

definetly C. elicitation: In requirements engineering, requirements elicitation is the practice of researching and discovering the requirements of a system from users, customers, and other stakeholders. The practice is also sometimes referred to as "requirement gathering".

IPconfigOption: B
Oct 26, 2023

Quid Pro Quo an attacker gathers random phone numbers of the employees of a target organization. They then start calling each number, pretending to be from the IT department. The attacker eventually finds someone with a genuine technical issue and offers their service to resolve it. The attacker can then ask the victim to follow a series of steps and to type in the specific commands to install and launch malicious files that contain malware designed to collect sensitive information

victorfsOption: C
May 21, 2023

The correct option is C. Elicitacion. Steve uses persuasion and manipulation to extract sensitive information from the victim. Where is the Quid pro quo? The victim dont get nothing!

Tafulu
Aug 1, 2023

I believe the quid pro quo here is hey your server is going to die, I'm technical support and will help you prevent this. I just need you to download these files and update the system so that I can fix it.

mikelpal
Jun 16, 2024

**Answer is B. "he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson’s machine."

hellooooooodsOption: B
Nov 22, 2023

In this technique, attackers keep calling random numbers within a company, claiming to be calling from technical support. This is a baiting technique where attackers offer their service to end-users in exchange of confidential data or login credentials

insaniuntOption: B
Dec 27, 2023

B. Quid pro quo

ametahOption: B
Jun 21, 2024

Quid Pro Quo Quid pro quo is a Latin phrase that meaning “something for something.” In this technique, attackers keep calling random numbers within a company, claiming to be calling from technical support. This is a baiting technique where attackers offer their service to end-users in exchange of confidential data or login credentials. CEHv12 Module 09 Social Engineering Page 1348