Abnormal DNS resolution behavior is detected on an internal network. Users are redirected to altered login pages. DNS replies come from an unauthorized internal IP and are faster than legitimate responses. ARP spoofing alerts are also detected. What sniffing-based attack is most likely occurring?
Correct Answer: B
This is a textbook case of Intranet DNS Poisoning, often combined with ARP spoofing, as described in CEH v13 Network Sniffing and MITM Attacks. The attacker positions themselves inside the local network, intercepts DNS requests, and responds faster than the legitimate DNS server. ARP spoofing enables the attacker to perform a Man-in-the-Middle attack, allowing sniffing and modification of DNS traffic. CEH v13 notes that faster rogue responses are a strong indicator of local DNS poisoning.
312-50v13 Exam Question 197
A penetration tester is tasked with assessing the security of an Android mobile application that stores sensitive user data. The tester finds that the application does not use proper encryption to secure data at rest. What is the most effective way to exploit this vulnerability?
Correct Answer: A
CEH training emphasizes that mobile applications frequently mishandle local storage, leaving sensitive data such as tokens, passwords, API keys, or personal information unencrypted within SQLite databases, shared preferences, or flat-file storage. When encryption is absent or improperly implemented, attackers can directly access this data through filesystem extraction, Android Debug Bridge (ADB) access, physical device access, or rooted environments. CEH identifies "Insecure Data Storage" as one of the most critical mobile vulnerabilities because it bypasses server-side defenses entirely. Since the vulnerability specifically concerns data at rest, the most direct and effective exploitation method is to retrieve the locally stored unencrypted data. SQL injection (Option B) evaluates backend security, not device storage. XSS (Option C) is a web attack and unrelated to local encryption. Brute-forcing credentials (Option D) is unnecessary when sensitive information is already stored insecurely. Therefore, accessing local storage is the correct exploitation method.
312-50v13 Exam Question 198
In the crisp mountain air of Denver, Colorado, ethical hacker Lila Chen investigates the security framework of MediVault, a U.S.-based healthcare platform used by regional clinics to manage patient data. During her review, Lila discovers that sensitive records are weakly protected, allowing attackers to intercept and manipulate the information in transit. She warns that such weaknesses could be exploited to commit credit-card fraud, identity theft, or similar crimes. Further analysis reveals that MediVault is vulnerable to well-documented flaws such as cookie snooping and downgrade attacks. Which issue is MOST clearly indicated?
Correct Answer: B
The best answer is B, Cryptographic Failures, because the scenario centers on weak protection of sensitive data in transit, enabling an attacker to intercept and manipulate the information. In CEH-aligned web and application security concepts (and consistent with modern web risk categories), cryptographic failures occur when an application does not properly use cryptography or secure transport protections to ensure the confidentiality and integrity of sensitive data. If transport encryption is missing, weak, or incorrectly configured, attackers can perform man-in-the-middle style interception, tamper with traffic, steal session material, and exfiltrate regulated data, leading to outcomes such as identity theft and payment card fraud, exactly as described. The references to cookie snooping and downgrade attacks further reinforce this. Cookie snooping is commonly associated with session cookies being exposed through insecure transport (for example, lack of HTTPS, mixed content, or cookies missing the Secure attribute), allowing an attacker on the network path to capture session identifiers and hijack accounts. Downgrade attacks occur when an attacker forces a connection to use weaker security settings (such as older TLS versions or insecure cipher suites) or coerces a fallback from HTTPS to HTTP when protections like HSTS are absent or misapplied. Both issues are tightly linked to improper cryptographic configuration and transport-layer security weaknesses.

Why the other options are not the best match: Broken Access Control concerns authorization (what users are allowed to access), not interception or manipulation of traffic. Identification and Authentication Failures focus on login and session identity mechanisms (passwords, MFA, session handling), but the key failure here is the weakness of cryptographic protection for data in transit. Security Misconfiguration can be a contributing cause (e.g., misconfigured TLS), but the question emphasizes the resulting weakness category, insufficient cryptographic and transport protections, making Cryptographic Failures the most precise answer. Therefore, MediVault's exposure to interception, manipulation, cookie snooping, and downgrade attacks most clearly indicates Cryptographic Failures.
312-50v13 Exam Question 199
During a red team engagement at Apex Biotech in Dallas, ethical hacker Rachel calls the company's HR desk pretending to be Mark Stevens, a senior finance manager. She pressures the HR staffer by citing his "upcoming presentation for the CFO" and insists he urgently needs a copy of the updated employee benefits spreadsheet. The staffer feels compelled to help due to Rachel's convincing manner and authoritative tone. Which social engineering technique is Rachel demonstrating in this exercise?
Correct Answer: B
The correct answer is B, Impersonation, because Rachel's primary technique is pretending to be a specific, legitimate employee ("Mark Stevens, a senior finance manager") to induce the HR staffer to disclose or transmit sensitive information. In CEH-aligned social engineering concepts, impersonation is the act of assuming another person's identity or role (often someone with authority or a believable business need) to gain trust and persuade the target to perform an action they otherwise should not, such as sharing confidential documents, resetting credentials, or bypassing verification steps. The scenario includes multiple social engineering influence factors commonly emphasized in CEH: authority (claiming to be a senior finance manager and referencing the CFO), urgency ("upcoming presentation" and "urgently needs"), and pressure that reduces the likelihood the staffer follows standard validation procedures. These elements strengthen the impersonation by making the request feel both legitimate and time-sensitive, increasing compliance. The target's reaction, feeling compelled by Rachel's authoritative tone, matches the expected psychological effect of impersonation attacks.

Why the other options are less correct: Vishing (voice phishing) is a delivery channel, that is, social engineering conducted via phone calls. While this interaction occurs over the phone, the question asks for the technique being demonstrated, and the defining technique here is the identity deception (impersonation) rather than merely the medium. Quid pro quo involves offering something in exchange (e.g., "I'll fix your issue if you give me your password"), which is not present. Reverse social engineering involves the attacker creating a problem and positioning themselves as the helper so that the victim contacts them; that is not described here because Rachel initiates the call and directly requests the document. Therefore, the most accurate classification of Rachel's method is Impersonation.
312-50v13 Exam Question 200
A penetration tester evaluates a company's susceptibility to advanced social engineering attacks targeting its executive team. Using detailed knowledge of recent financial audits and ongoing projects, the tester crafts a highly credible pretext to deceive executives into revealing their network credentials. What is the most effective social engineering technique the tester should employ to obtain the necessary credentials without raising suspicion?
Correct Answer: D
Spear-phishing is a targeted form of phishing that uses personalized and context-rich information to increase credibility. CEH emphasizes that referencing specific internal projects, financial data, or organizational events significantly raises the success rate when attacking high-value targets such as executives. This tailored approach avoids suspicion and exploits trust more effectively than broad or generic phishing attempts.