Which of the following attack could be avoided by creating more security awareness in the organization and
provide adequate security knowledge to all employees?

A.
Smurf attack

B.
Traffic analysis

C.
Phishing

D.
Interrupt attack

Explanation:
Phishing is the attempt to get information such as usernames, passwords, and credit card details commonly
through email spoofing and instant messaging that contain links directing the unsuspecting user to enter detailsat a fake website whose look and feel are almost identical to the legitimate website. Attempts to deal with
phishing include legislation, user training, public awareness, and technical security measures.
Incorrect Answers:
A: A smurf attack is a distributed denial of service (DDoS) attack in which an ICMP ECHO REQUEST packet
with the victims spoofed source address is sent to the victim’s network broadcast address. Each system on the
victim’s subnet receives an ICMP ECHO REQUEST packet and replies with an ICMP ECHO REPLY packet to
the spoof address in the ICMP ECHO REQUEST packet. This floods the victims system, causing it to slow
down, freeze, crash, or reboot.
B: A traffic analysis attack is carried out to uncover information by analyzing traffic patterns on a network.
Traffic padding can be used to counter this kind of attack, in which decoy traffic is sent out over the network to
disguise patterns and make it more difficult to uncover them.
D: An interrupt or denial of service (DoS) attack occurs when an attacker sends multiple service requests to the
victim’s computer until they eventually overwhelm the system, causing it to freeze, reboot, and ultimately not be
able to carry out regular tasks.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 271-273, 587,
1293, 1294
http://en.wikipedia.org/wiki/Phishing