PrepAway - Latest Free Exam Questions & Answers

Which of the following can only be mitigated through the use of technical controls rather than user
security training?

A. Shoulder surfing
B. Zero-day
C. Vishing
D. Trojans

Explanation:
A zero-day vulnerability is an unknown vulnerability in a software application. This cannot be prevented
by user security training.
A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is
then exploited by hackers before the vendor becomes aware and hurries to fix it; this exploit is called a
zero-day attack. Uses of zero-day attacks can include infiltrating malware or spyware, or allowing unwanted
access to user information. The term "zero day" refers to the fact that the hole is unknown to anyone
other than the hackers, specifically to the developers. Once the vulnerability becomes known, a race begins
for the developer, who must protect users.
Incorrect Answers:
A: Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to
get information. Shoulder surfing is an effective way to get information in crowded places because it's
relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a
calling card at a public pay phone. Shoulder surfing can also be done from a distance with the aid of
binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you
shield paperwork or your keypad from view by using your body or cupping your hand. Shoulder surfing can be
mitigated through the use of user security training.
C: Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into
revealing critical financial or personal information to unauthorized entities. Vishing works like phishing
but does not always occur over the Internet; it is carried out using voice technology. A vishing attack can
be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone.
The potential victim receives a message, often generated by speech synthesis, indicating that suspicious
activity has taken place in a credit card account, bank account, mortgage account or other financial
service in their name. The victim is told to call a specific telephone number and provide information to
“verify identity” or to “ensure that fraud does not occur.” If the attack is carried out by telephone, caller
ID spoofing can cause the victim’s set to indicate a legitimate source, such as a bank or a government
agency.
Vishing can be mitigated through the use of user security training.
D: In computers, a Trojan horse is a program in which malicious or harmful code is contained inside
apparently harmless programming or data in such a way that it can gain control and do its chosen form of
damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan horse
was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely
redistributed as part of a computer virus.
Trojans can be mitigated through the use of user security training.

References:
http://www.pctools.com/security-news/zero-day-vulnerability/
http://searchsecurity.techtarget.com/definition/shoulder-surfing
http://searchunifiedcommunications.techtarget.com/definition/vishing
http://searchsecurity.techtarget.com/definition/Trojan-horse