Social Engineering

Correct Answer: The free USB drives may contain malware that executes when plugged in

The most concerning aspect of this scenario is that the free USB drives may contain malware that executes when plugged in. This is a classic example of a physical social engineering attack vector. When unknown USB devices are inserted into a computer, they can automatically execute malicious code through autorun features or exploit vulnerabilities in the system. This is particularly dangerous because it bypasses many network security controls and gains direct access to the target system. The fact that the drives are branded with the conference logo adds to the deception, making them appear more legitimate, but this doesn't guarantee their safety. While the lack of vendor credentials is suspicious, it's not as immediately dangerous as the potential malware threat. The possibility of security tools collecting user data is a valid concern, but this requires the user to actually install the software, whereas malware on a USB can execute as soon as the drive is connected. The psychological manipulation aspect is present but is the method of attack rather than the most concerning outcome of the scenario.

Correct Answer: Tailgating

Tailgating is the correct term in social engineering for when an attacker follows an authorized person into a secured area by walking in behind them, often appearing to be legitimate or simply taking advantage of courtesy (like holding doors open). Piggybacking through mutual trust establishment is a made-up term that sounds technical but isn't standard terminology in security. Shoulder surfing refers to a different technique where an attacker observes someone entering sensitive information, such as watching someone type passwords or PINs. Premises infiltration is a generic term that could describe any method of unauthorized entry to a facility, but it's not the specific technical term for following someone through a secured entrance.

Correct Answer: Installing privacy screens on all monitors in open workspaces

Shoulder surfing is a physical security attack where unauthorized individuals observe sensitive information displayed on screens or physical documents by looking over someone's shoulder in a public or shared workspace. Installing privacy screens on all monitors in open workspaces is the most effective countermeasure specifically for shoulder surfing. Privacy screens limit the viewing angle of monitor displays, making it extremely difficult for anyone not directly in front of the screen to view its contents. Implementing a clean desk policy helps with physical document security but doesn't address information visible on screens while employees are actively working. Deploying facial recognition systems at entry points helps with access control but doesn't prevent shoulder surfing once unauthorized individuals are already in the workspace or when the shoulder surfer is an authorized employee looking at confidential information they shouldn't access. Establishing mandatory screen locks after 60 seconds of inactivity only protects unattended workstations, not when employees are actively using their computers, which is when shoulder surfing typically occurs.