PrepAway - Latest Free Exam Questions & Answers

which of the following attacks?

Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This
is MOST likely to increase the risk of loss from which of the following attacks?

A. Shoulder surfing

B. Dumpster diving

C. Tailgating

D. Spoofing

Explanation:
Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a
technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn’t limited to searching through the trash
for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational
chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything
valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut
shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.
Incorrect Answers:
A: Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get
information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or
use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent
shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. This is not what is described in
this question. Therefore, this answer is incorrect.
C: Tailgating in IT security would be an unauthorized person following an authorized person into a building or room such as a datacenter. If a building has a card
reader where an authorized person can hold up a card to the reader to unlock the door, someone tailgating could follow the authorized person into the building by
walking through the door before it closes and locks. This is not what is described in this question. Therefore, this answer is incorrect.
D: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource locator (URL) spoof attacks. All types of spoofing are
designed to imitate something or someone.
Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is sent with a falsified “From:” entry to try to trick victims into
believing that the message is from a friend, their bank, or some other legitimate source. Any email that claims it requires your password or any personal
information could be a trick.
In a caller ID attack, the spoofer will falsify the phone number he/she is calling from. This is not what is described in this question. Therefore, this answer is
incorrect.

http://searchsecurity.techtarget.com/definition/dumpster-diving
http://searchsecurity.techtarget.com/definition/shoulder-surfing

