CISSP-ISSAP · Question #39
Which of the following are types of access control attacks? Each correct answer represents a complete solution. Choose all that apply.
The correct answer is B. Mail bombing C. Spoofing D. Brute force attack. Mail bombing (B), spoofing (C), and brute force attacks (D) are all classified as access control attacks in standard security frameworks. Mail bombing floods a target with messages to overwhelm systems and deny legitimate users access to resources - making it a denial-of-access a
Question
Which of the following are types of access control attacks? Each correct answer represents a complete solution. Choose all that apply.
Options
- ADictionary attack
- BMail bombing
- CSpoofing
- DBrute force attack
How the community answered
(36 responses)- A17% (6)
- B83% (30)
Explanation
Mail bombing (B), spoofing (C), and brute force attacks (D) are all classified as access control attacks in standard security frameworks. Mail bombing floods a target with messages to overwhelm systems and deny legitimate users access to resources - making it a denial-of-access attack. Spoofing involves impersonating a legitimate user, device, or resource to bypass authentication and access controls. Brute force attacks systematically try every possible credential combination until access is granted, directly targeting authentication mechanisms.
Dictionary attacks (A) are the distractor here - not because they're unrelated to passwords, but because this exam framework treats them as a subset of brute force (D), which is already listed. Since brute force is the broader, correct category, dictionary attack is redundant and not counted separately as a distinct type.
Memory tip: Think "SBM" - Spoofing fakes identity, Bombing floods access, and Brute force hammers credentials. All three actively attack the access control layer. Dictionary attacks just use a wordlist to do what brute force already covers - so when brute force is an option, dictionary attack is the trap.
Topics
Community Discussion
No community discussion yet for this question.