During a social engineering engagement, you notice an unsecured refuse container behind a company's building that appears to contain discarded files. Which action aligns with a legitimate test while respecting the agreed scope?
Gather discarded documents at the end of each day without informing personnel
Check the scope and obtain consent to recover items from the refuse container for analysis
Wait by the refuse area to question staff whenever they discard materials
Install cameras around the container to record employees discarding items
Verifying that the test plan allows retrieval of materials from disposal bins and discussing it with the client honor the legal boundaries of a social engineering assessment. Approaches involving surveillance equipment or obtaining items without confirming the scope can violate privacy, laws, or the rules of engagement. Simply approaching employees may compromise the covert nature of the assessment and is less effective for gathering discarded information.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the importance of checking the scope in a social engineering engagement?
Open an interactive chat with Bash
Why is installing surveillance cameras or gathering documents without consent prohibited during a social engineering test?
Open an interactive chat with Bash
What are some examples of methods to maintain a covert yet ethical approach during a social engineering test?