CISSP · Question #147
Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. In additi
The correct answer is D. Email, media players, and instant messaging applications. Mobile code attacks extend beyond web browsers to other client-side applications that can execute or render dynamic content. Identifying the primary attack surfaces is critical for defending against client-based threats.
Question
Options
- AText editors, database, and Internet phone applications
- BEmail, presentation, and database applications
- CImage libraries, presentation and spreadsheet applications
- DEmail, media players, and instant messaging applications
How the community answered
(39 responses)- B5% (2)
- C3% (1)
- D92% (36)
Why each option
Mobile code attacks extend beyond web browsers to other client-side applications that can execute or render dynamic content. Identifying the primary attack surfaces is critical for defending against client-based threats.
Text editors, database, and Internet phone applications are not primary vectors for mobile code execution, as text editors typically handle plain text without executing scripts and database/VoIP applications are not commonly targeted delivery mechanisms for mobile code attacks.
While email is a valid concern, presentation and database applications are not primary mobile code attack vectors; database applications operate server-side or require authenticated access, and presentation software is a far less common attack surface compared to media players and instant messaging clients.
Image libraries and spreadsheet applications are not primary mobile code attack surfaces; although spreadsheet macros can pose some risk, image libraries and presentation tools lack the broad, internet-connected, user-facing exposure that makes email, media players, and instant messaging the dominant targets.
Email clients, media players, and instant messaging applications are primary vectors for mobile code attacks because they routinely process and execute dynamic or embedded content (scripts, macros, rich media) received from untrusted sources. These applications can be exploited to run malicious code without direct browser involvement, making them the most significant non-browser client-side attack surfaces. Securing these three application categories is essential to a comprehensive client-based attack mitigation plan.
Concept tested: Client-based mobile code attack vectors beyond browsers
Source: https://csrc.nist.gov/publications/detail/sp/800-28/version-2/final
Topics
Community Discussion
No community discussion yet for this question.