Brandy could not figure out how Sam gained unauthorized access to her system, since he has little computer experience. Which of the following is most likely the attack Sam used?
A.
Dictionary attack
B.
Shoulder surfing attack
C.
Covert channel attack
D.
Timing attack
Explanation:
B: Shoulder surfing is a type of browsing attack in which an attacker looks over another’s shoulder to see items on that person’s monitor or what is being typed
in at the keyboard. Sam probably viewed Brandy’s password as she typed it. Of the attacks listed, this is the easiest to execute in that it does not require any real
knowledge of computer systems.
+ A is incorrect because a dictionary attack is an automated attack involving the use of tools like Crack or L0phtcrack. Sam would need to be aware of these tools
and know how to find and use them. A dictionary attack requires more knowledge of how computer systems work compared to shoulder surfing.
+ C is incorrect because a covert channel attack requires computer expertise. A covert channel is a communications path that enables a process to transmit
information in a way that violates the system’s security policy. Identifying and using a covert channel requires a lot more computer expertise compared to a
shoulder surfing attack.
+ D is incorrect because a timing attack requires intimate knowledge of how software executes its instruction sets so that they can be manipulated. Commonly a
person who could successfully carry out this attack requires programming experience.
How can one say Shoulder surfing was only thing used to gain access? It could also be A? Question is vague.
0
0
Agree. This is a bad question.
0
0
“since he has little computer experience” – It is highly unlikely he could have used Dictionary attack or any of the other methods.
0
0
Shoulder surfing is correct answer. Similar insider attacks are Dumpster diving, social engineering. In most cases insider attacks does not involve any specialised tools or advanced attacks.
0
0
Well that would be under assessment that if someone wasn’t that knowledgeable, he won’t use other means to get someone’s password. A criminal mind can always get support from other like-minded people. Question should ask for obvious technical stuff rather than just an assessment that someone is a layman so he won’t do that.
0
0
Guys, the CISSP exam is all about CONCEPTS and choosing the BEST single answer. The question simply asks about the least technical attack. I think it is a good question.
0
0
simple question and very obvious. All other attack requires technical know how
0
0
Shoulder surfing is to view others user type.
0
0
Some truly interesting information, well written and broadly user genial.
http://www.bastcilkdoptb.com/
0
0