Which of the following attack includes social engineering, link manipulation or web site forgery techniques?
A.
Smurf attack
B.
Traffic analysis
C.
Phishing
D.
Interrupt attack
Explanation:
Phishing is the attempt to get information such as usernames, passwords, and credit card details commonly
through email spoofing and instant messaging that contain links directing the unsuspecting user to enter details
at a fake website whose look and feel are almost identical to the legitimate website. Attempts to deal with
phishing include legislation, user training, public awareness, and technical security measures.
Incorrect Answers:
A: A smurf attack is a distributed denial of service (DDoS) attack in which an ICMP ECHO REQUEST packet
with the victims spoofed source address is sent to the victim’s network broadcast address. Each system on the
victim’s subnet receives an ICMP ECHO REQUEST packet and replies with an ICMP ECHO REPLY packet to
the spoof address in the ICMP ECHO REQUEST packet. This floods the victims system, causing it to slow
down, freeze, crash, or reboot. This attack does not make use of social engineering, link manipulation or web
site forgery techniques.
B: A traffic analysis attack is carried out to uncover information by analyzing traffic patterns on a network.
Traffic padding can be used to counter this kind of attack, in which decoy traffic is sent out over the network to
disguise patterns and make it more difficult to uncover them. This attack does not make use of social
engineering, link manipulation or web site forgery techniques.
D: An interrupt or denial of service (DoS) attack occurs when an attacker sends multiple service requests to the
victim’s computer until they eventually overwhelm the system, causing it to freeze, reboot, and ultimately not be
able to carry out regular tasks. This attack does not make use of social engineering, link manipulation or web
site forgery techniques.Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 271-273, 587,
1293, 1294
http://en.wikipedia.org/wiki/Phishing