Which of the following types of attacks entices a user to disclose personal information such as social security number, bank account details, or credit card number?
A. Replay attack
B. Password guessing attack
C. Phishing
D. Spoofing
Explanation:
Phishing is a type of scam that entices a user to disclose personal information such as social security number, bank account details, or credit card number. An example of a phishing attack is a fraudulent e-mail that appears to come from a user's bank, asking him to change his online banking password. When the user clicks the link in the e-mail, it directs him to a phishing site that replicates the original bank site. The phishing site lures the user into providing his personal information.
Answer D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting online, etc., because forging the source IP address causes the responses to be misdirected.
Answer A is incorrect. A replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to the system. In this type of attack, the attacker does not know the actual password, but can simply replay the captured packet.
Answer B is incorrect. A password guessing attack occurs when an unauthorized user tries to log on repeatedly to a computer or network by guessing usernames and passwords. Many password guessing programs that attempt to break passwords are available on the Internet. The following are the types of password guessing attacks:
Brute force attack
Dictionary attack