CGRC Question #375: Real Exam Question with Answer & Explanation
The correct answer is B: Confidentiality.
Question
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point, such as a terminal or web site. Which of the following is violated in a shoulder surfing attack?
Options
- A. Authenticity
- B. Confidentiality
- C. Availability
- D. Integrity
Explanation
Shoulder surfing is an attack where an unauthorized person observes sensitive information, such as passwords, thereby directly violating the confidentiality of that information.
Common mistakes
- A. Authenticity refers to verifying identity; while a successful shoulder surfing attack can lead to unauthorized access, the act itself is a breach of confidentiality, not authenticity.
- C. Availability ensures information and systems are accessible when needed; shoulder surfing does not directly impact the availability of resources.
- D. Integrity ensures data is accurate and unaltered; shoulder surfing involves observing data without modifying it, thus not violating integrity.
Concept tested: CIA triad, confidentiality violation.
Reference: https://learn.microsoft.com/en-us/security/cybersecurity-reference-architecture/cia-triad