Digital Forensic Certification Practice Exam

What type of attack occurs when an employee is manipulated into attaching a malicious USB device to gain access to sensitive data?

• A. Phishing Attack
• B. Ad-hoc Connection Attack
• C. Insider Threat
• D. Data Breach

The correct answer is: Ad-hoc Connection Attack

The situation described involves manipulation of an employee to connect a malicious USB device, which is closely associated with a social engineering technique rather than a direct technical attack. The correct classification for this scenario focuses on the act of convincing or tricking an insider, or a trusted employee, to assist in compromising security measures. This type of scenario typically falls under the category of an insider threat, where an individual within the organization, either knowingly or unknowingly, facilitates an unauthorized access to sensitive information. The manipulation of the employee to use the USB device presents exploitation of trust and social factors rather than a straightforward technical method. On the other hand, phishing attacks primarily involve deceptive emails or messages designed to trick individuals into providing sensitive information or downloading malware, without the direct physical interaction seen in this scenario. An ad-hoc connection attack would involve exploiting unsecured connections rather than direct manipulation through physical media. A data breach refers to unauthorized access and extraction of sensitive data, but it does not describe the process of manipulation involved in this situation. Thus, recognizing that the attack hinges on manipulating a trusted insider for access, the distinction highlights why this scenario is better characterized as an insider threat.