Shoulder surfing is a type of in-person attack in which the attacker gathers information about the
premises of an organization. This attack is often performed by looking surreptitiously at the

keyboard of an employee’s computer while he is typing in his password at any access point such as a
terminal/Web site. Which of the following is violated in a shoulder surfing attack?

A.
Availability

B.
Confidentiality

C.
Integrity

D.
Authenticity

Explanation:
Confidentiality is violated in a shoulder surfing attack. The CIA triad provides the following three
tenets for which security practices are measured.
Confidentiality. It is the property of preventing disclosure of information to unauthorized individuals
or systems. Breaches of confidentiality take many forms. Permitting someone to look over your
shoulder at your computer screen while you have confidential data displayed on it could be a breach
of confidentiality. If a laptop computer containing sensitive information about a company’s
employees is stolen or sold, it could result in a breach of confidentiality.
Integrity. It means that data cannot be modified without authorization. Integrity is violated when an
employee accidentally or with malicious intent deletes important data files, when a computer virus
infects a computer, when an employee is able to modify his own salary in a payroll database, when
an unauthorized user vandalizes a web site, when someone is able to cast a very large number of
votes in an online poll, and so on.
Availability. It means that data must be available at every time when it is needed.
Answer option D is incorrect. Authenticity is not a tenet of the CIA triad.