PrepAway - Latest Free Exam Questions & Answers

Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?

A. Social engineering attack

B. Cross site scripting attack

C. Mail bombing

D. Password guessing attack

Explanation:
A social engineering attack can be used to break the best physical and logical security mechanism to gain access to a system.
Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user’s computer or network. This method relies on a person’s mental ability to trick someone rather than on technical skills. A user should always distrust people who ask for his or her account name or password, computer name, IP address, employee ID, or other information that can be misused.
Answer option D is incorrect. A password guessing attack occurs when an unauthorized user tries to log on repeatedly to a computer or network by guessing usernames and passwords. Many password guessing programs that attempt to break passwords are available on the Internet. The following are the types of password guessing attacks:
Brute force attack
Dictionary attack
Answer option B is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a Website. For example, the attacker posts a message that contains malicious code to any newsgroup site. When another user views this message, the browser interprets this code and executes it and, as a result, the attacker is able to take control of the user’s system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user’s Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, session hijacking, etc.

Answer option C is incorrect. Mail bombing is an attack that is used to overwhelm mail servers and clients by sending a large number of unwanted e-mails. The aim of this type of attack is to completely fill the recipient’s hard disk with immense, useless files, causing at best irritation, and at worst total computer failure. E-mail filtering and properly configuring e-mail relay functionality on mail servers can be helpful for protection against this type of attack.

