
ISC2 Exam ISSAP Topic 4 Question 3 Discussion

Actual exam question for ISC2's Information Systems Security Architecture Professional exam
Question #: 3
Topic #: 4

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

Suggested Answer: A

Social engineering is the art of convincing people to disclose useful information such as account names and passwords. Attackers then exploit this information to gain access to a user's computer or network. The method relies on the attacker's ability to trick people rather than on technical skill. Users should always distrust anyone who asks for their account name or password, computer name, IP address, employee ID, or other information that can be misused.

Answer option D is incorrect. A password guessing attack occurs when an unauthorized user tries to log on repeatedly to a computer or network by guessing usernames and passwords. Many password guessing programs that attempt to break passwords are available on the Internet. The following are the types of password guessing attacks:

Brute force attack

Dictionary attack

Answer option B is incorrect. A cross-site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to a newsgroup site. When another user views this message, the browser interprets and executes the code and, as a result, the attacker is able to take control of the user's system. Cross-site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With the help of a cross-site scripting attack, the attacker can perform cookie stealing, session hijacking, etc.

Answer option C is incorrect. Mail bombing is an attack that overwhelms mail servers and clients by sending large amounts of unwanted e-mail. The aim of this type of attack is to completely fill the recipient's hard disk with immense, useless files, causing at best irritation and at worst total computer failure. E-mail filtering and properly configured e-mail relay functionality on mail servers can help protect against this type of attack.

