PrepAway - Latest Free Exam Questions & Answers

Which of the following types of attacks is often performed by looking surreptitiously at the keyboard or monit

Which of the following types of attacks is often performed by looking surreptitiously at the keyboard
or monitor of an employee’s computer?

PrepAway - Latest Free Exam Questions & Answers

A.
Buffer-overflow attack

B.
Man-in-the-middle attack

C.
Shoulder surfing attack

D.
Denial-of-Service (DoS) attack

Explanation:
The Shoulder surfing attack is often performed by looking surreptitiously at the
keyboard or monitor of an employee’s computer.
Shoulder surfing is a type of in person attack in which an attacker gathers information about the
premises of an organization. This attack is

often performed by looking surreptitiously at the keyboard or monitor screen of an employee’s
computer while he is typing in his password at
any access point such as a terminal/Web site. An attacker can also gather information by looking at
open documents on the employee’s desk,
posted notices on the notice boards, etc.
Answer option B is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts
an intermediary software or program
between two communicating hosts. The intermediary software or program allows attackers to listen
to and modify the communication packets
passing between the two hosts. The software intercepts the communication packets and then sends
the information to the receiving host.
The receiving host responds to the software, presuming it to be the legitimate client.
Answer option A is incorrect. A buffer-overflow attack is performed when a hacker fills a field,
typically an address bar, with more characters
than it can accommodate. The excess characters can be run as executable code, effectively giving
the hacker control of the computer and
overriding any security measures set.
Answer option D is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of
causing a negative impact on the performance
of a computer or network. It is also known as network saturation attack or bandwidth consumption
attack. Attackers make Denial-of-Service
attacks by sending a large number of protocol packets to a network. A DoS attack can cause the
following to occur:
Saturate network resources.
Disrupt connections between two computers, thereby preventing communications between
services.
Disrupt services to a specific computer.
A SYN attack is a common DoS technique in which an attacker sends multiple SYN packets to a target
computer. For each SYN packet received,
the target computer allocates resources and sends an acknowledgement (SYN-ACK) to the source IP
address. Since the target computer does
not receive a response from the attacking computer, it attempts to resend the SYN-ACK. This leaves
TCP ports in the half-open state. When
an attacker sends TCP SYNs repeatedly before the half-open connections are timed out, the target
computer eventually runs out of resources
and is unable to handle any more connections, thereby denying service to legitimate users.


Leave a Reply