ISC2 ISSMP Exam - Topic 5 Question 24 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 24
Topic #: 5

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

Suggested Answer: B

Confidentiality is violated in a shoulder surfing attack. The CIA triad provides the following three tenets against which security practices are measured.

Confidentiality. It is the property of preventing disclosure of information to unauthorized individuals or systems. Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality.

Integrity. It means that data cannot be modified without authorization. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on.

Availability. It means that data must be available whenever it is needed.

Answer option D is incorrect. Authenticity is not a tenet of the CIA triad.


Contribute your Thoughts:

Evangelina
4 months ago
Not sure if it's that serious, but okay...
upvoted 0 times
...
Michel
4 months ago
Surprised this is still a thing in 2023!
upvoted 0 times
...
Louvenia
4 months ago
No way, I thought it was just about availability.
upvoted 0 times
...
Oren
4 months ago
I think it affects integrity too, right?
upvoted 0 times
...
Meaghan
5 months ago
Definitely violates confidentiality!
upvoted 0 times
...
Ena
5 months ago
I’m confused about this one. I thought it might relate to authenticity too, but I guess that's more about verifying identities rather than just watching someone type.
upvoted 0 times
...
Tawna
5 months ago
I practiced a similar question, and I believe the correct answer is confidentiality because it involves unauthorized access to private information.
upvoted 0 times
...
Trinidad
5 months ago
I'm not entirely sure, but I remember something about how this type of attack could also affect integrity if the attacker uses the information to manipulate data later.
upvoted 0 times
...
Eugene
5 months ago
I think shoulder surfing mainly compromises confidentiality since the attacker is trying to steal sensitive information like passwords.
upvoted 0 times
...
Sharika
5 months ago
I'm pretty sure the answer is D. Process Builder events should be the ones I need to look for in the Dev Console Log Inspector.
upvoted 0 times
...
Janey
5 months ago
I'm not so sure, I remember another code about access issues, could it be 403?
upvoted 0 times
...