PrepAway - Latest Free Exam Questions & Answers

Which of the following attacks does this action remediate?

All executive officers have changed their monitor location so it cannot be easily viewed when passing by
their offices. Which of the following attacks does this action remediate?

PrepAway - Latest Free Exam Questions & Answers

A.
Dumpster Diving

B.
Impersonation

C.
Shoulder Surfing

D.
Whaling

Explanation:
Viewing confidential information on someone’s monitor is known as shoulder surfing. By moving their
monitors so they cannot be seen, the executives are preventing users passing by ‘shoulder surfing’.
Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get
information. Shoulder surfing is an effective way to get information in crowded places because it’s
relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM
machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with
the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend
that you shield paperwork or your keypad from view by using your body or cupping your hand.
Incorrect Answers:
A: Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash container.)
In the world of information technology, dumpster diving is a technique used to retrieve information that
could be used to carry out an attack on a computer network. Dumpster diving isn’t limited to searching
through the trash for obvious treasures like access codes or passwords written down on sticky notes.
Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist
an attacker using social engineering techniques to gain access to the network. This is not what is
described in this question.
B: Impersonation is where a person, computer, software application or service pretends to be someone
or something it’s not. Impersonation is commonly non-maliciously used in client/server applications.
However, it can also be used as a security threat. This is not what is described in this question.
D: Whaling is a specific kind of malicious hacking within the more general category of phishing, which
involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on
collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or
others in powerful positions or job titles.Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar
metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those
who are engaged in whaling may, for example, hack into specific networks where these powerful
individuals work or store sensitive data. They may also set up keylogging or other malware on a work
station associated with one of these executives. There are many ways that hackers can pursue whaling,
leading C-level or top-level executives in business and government to stay vigilant about the possibility of
cyber threats. This is not what is described in this question.

http://searchsecurity.techtarget.com/definition/shoulder-surfing
http://searchsecurity.techtarget.com/definition/dumpster-diving
http://www.techopedia.com/definition/28643/whaling


Leave a Reply