A penetration tester is assessing an organization's physical security. The tester wants to gain unauthorized access to a secured server room that uses a biometric fingerprint scanner. Which of the following techniques would be MOST effective for bypassing the biometric scanner?
Trap 1: Shoulder surfing the authorized user's fingerprint pattern
Shoulder surfing is ineffective for capturing detailed fingerprint patterns needed for replication.
Trap 2: Picking the lock on the server room door
Lockpicking targets the door lock, not the biometric scanner.
Trap 3: Tailgating behind an authorized employee
Tailgating avoids the scanner but requires following someone in; it does not bypass the scanner mechanism.
- A
Shoulder surfing the authorized user's fingerprint pattern
Why wrong: Shoulder surfing is ineffective for capturing detailed fingerprint patterns needed for replication.
- B
Picking the lock on the server room door
Why wrong: Lockpicking targets the door lock, not the biometric scanner.
- C
Using a gelatin mold of an authorized user's fingerprint
Gelatin molds can create replicas of fingerprints that may be accepted by some scanners.
- D
Tailgating behind an authorized employee
Why wrong: Tailgating avoids the scanner but requires following someone in; it does not bypass the scanner mechanism.