During an IS audit, auditor has observed that authentication and authorization steps are split into two functions
and there is a possibility to force the authorization step to be completed before the authentication step. Which
of the following technique an attacker could user to force authorization step before authentication?
A.
Eavesdropping
B.
Traffic analysis
C.
Masquerading
D.
Race Condition
Explanation:
A race condition happens when two different processes need to carry out their tasks on the same resource.
Incorrect Answers:
A: Sniffing or eavesdropping involves the capturing and recording of all frames traveling across the network
media.
B: Traffic analysis is used for discovering information by watching traffic patterns on a network.
C: Masquerading occurs by impersonating another user to gain unauthorized access to a systemHarris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 410, 411, 1060, 1294
Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, Sebastopol, p. 508