Which of the following can only be mitigated through the use of technical controls rather that user
security training?
A.
Shoulder surfing
B.
Zero-day
C.
Vishing
D.
Trojans
Explanation:
A zero day vulnerability is an unknown vulnerability in a software application. This cannot be
prevented by user security training.
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security
hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this
exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware,
spyware or allowing unwanted access to user information. The term “zero day” refers to the
unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the
vulnerability becomes known, a race begins for the developer, who must protect users.
Just playing the devil’s advocate in here. B is clearly the BEST correct answer.
Having said that, a Trojan is a form of malware disguised as legitimate software. It is often employed by cybercriminals to steal private data, spy on users and gain unauthorized access to systems.
Trojans are so named because they need your permission to run on your computer, either when you run the program yourself, or if you open a document or image that then runs the program. With this in mind, the first and best defense against Trojans is to never open an email attachment or run a program when you aren’t 100 percent certain of the source, which includes all files downloaded from peer-to-peer programs or websites.
This indicates that Trojans can be managed by the use of “security training”.
But it goes beyond that as well, requiring the use of “technical controls” as well
0
0