Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

ISC2 Exam ISSAP Topic 4 Question 3 Discussion

Actual exam question for ISC2's ISSAP exam
Question #: 3
Topic #: 4
[All ISSAP Questions]

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

Show Suggested Answer Hide Answer
Suggested Answer: A

Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This

information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of the people to

trick someone rather than their technical skills. A user should always distrust people who ask him for his account name or password, computer

name, IP address, employee ID, or other information that can be misused.

Answer option D is incorrect. A password guessing attack occurs when an unauthorized user tries to log on repeatedly to a computer or

network by guessing usernames and passwords. Many password guessing programs that attempt to break passwords are available on the

Internet. Following are the types of password guessing attacks:

Brute force attack

Dictionary attack

Answer option B is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the

attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser

interprets this code and executes it and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks

require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With

the help of a cross site scripting attack, the attacker can perform cookie stealing, sessions hijacking, etc.

Answer option C is incorrect. Mail bombing is an attack that is used to overwhelm mail servers and clients by sending large amount of

unwanted e-mails. The aim of this type of attack is to completely fill the recipient's hard disk with immense, useless files, causing at best

irritation, and at worst total computer failure. E-mail filtering and properly configuring email relay functionality on mail servers can be helpful for

protection against this type of attack.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77