Which of the following helps prevent security failures?
A. Social engineering
B. Denial-of-Service attack
C. Attack surface reduction
D. Snooping
Explanation:
The attack surface is a software environment where code can be run by unauthenticated users. By
improving information security, the attack surface of a system or software can be reduced. Although
attack surface reduction helps prevent security failures, it does not mitigate the amount of damage
an attacker could inflict once a vulnerability is found.

Answer B is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of causing a
negative impact on the performance of a computer or network. It is also known as a network
saturation attack or bandwidth consumption attack. Attackers mount DoS attacks by sending a large
number of protocol packets to a network. The problems caused by a DoS attack are as follows:
- Saturate network resources.
- Disrupt connections between two computers, thereby preventing communications between services.
- Disrupt services to a specific computer.

Answer D is incorrect. Snooping is an activity of observing the content that appears on a computer
monitor or watching what a user is typing. Snooping also occurs by using software programs to
remotely monitor activity on a computer or network device. Hackers or attackers use snooping
techniques and equipment such as keyloggers to monitor keystrokes, capture passwords and login
information, and to intercept e-mail and other private communications. Sometimes, organizations
also snoop on their employees legitimately to monitor their use of organizations’ computers and track
Internet usage.

Answer A is incorrect. Social engineering is the art of convincing people and making them disclose
useful information such as account names and passwords. This information is further exploited by
hackers to gain access to a user’s computer or network. This method relies on the mental ability of
people to trick someone rather than on their technical skills. A user should always distrust people who
ask him for his account name, password, computer name, IP address, employee ID, or other
information that can be misused.