nerdexam
(ISC)2

CISSP · Question #1022

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

The correct answer is B. Organization loses control of their network devices.. Losing control of network devices represents the highest risk because it gives the attacker full authority over all network functions, traffic, and security controls. The other scenarios are serious but limited in scope compared to total device compromise.

Submitted by ashley.k· Mar 5, 2026Security and Risk Management

Question

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

Options

  • ANetwork is flooded with communication traffic by the attacker.
  • BOrganization loses control of their network devices.
  • CNetwork management communications is disrupted.
  • DAttacker accesses sensitive information regarding the network topology.

How the community answered

(60 responses)
  • A
    8% (5)
  • B
    68% (41)
  • C
    5% (3)
  • D
    18% (11)

Why each option

Losing control of network devices represents the highest risk because it gives the attacker full authority over all network functions, traffic, and security controls. The other scenarios are serious but limited in scope compared to total device compromise.

ANetwork is flooded with communication traffic by the attacker.

A flood attack (DDoS) disrupts availability but does not grant the attacker control over devices or access to sensitive data, making it a temporary and limited-impact threat compared to full device compromise.

BOrganization loses control of their network devices.Correct

If an attacker gains control of network devices such as routers, switches, and firewalls, they effectively own the entire network infrastructure - they can redirect traffic, disable security policies, create backdoors, intercept all data, and facilitate any subsequent attack at will. This represents a total loss of confidentiality, integrity, and availability simultaneously. No other attack scenario provides the attacker with this level of persistent, broad, and catastrophic impact on the organization.

CNetwork management communications is disrupted.

Disrupting network management communications (e.g., blocking SNMP or out-of-band management) impairs the organization's ability to administer the network but does not itself grant the attacker control or access to sensitive data.

DAttacker accesses sensitive information regarding the network topology.

Accessing network topology information is a reconnaissance-level threat that aids future attacks but does not by itself cause direct operational harm or grant control over any network resources.

Concept tested: Risk assessment of network infrastructure attack scenarios

Source: https://www.cisa.gov/news-events/news/understanding-denial-service-attacks

Topics

#Risk assessment#Attack vectors#Impact analysis#Network compromise

Community Discussion

No community discussion yet for this question.

Full CISSP Practice