nerdexam
(ISC)2

CISSP · Question #147

Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. In additi

The correct answer is D. Email, media players, and instant messaging applications. Mobile code attacks extend beyond web browsers to other client-side applications that can execute or render dynamic content. Identifying the primary attack surfaces is critical for defending against client-based threats.

Submitted by yasin.bd· Mar 5, 2026Asset Security

Question

Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?

Options

  • AText editors, database, and Internet phone applications
  • BEmail, presentation, and database applications
  • CImage libraries, presentation and spreadsheet applications
  • DEmail, media players, and instant messaging applications

How the community answered

(39 responses)
  • B
    5% (2)
  • C
    3% (1)
  • D
    92% (36)

Why each option

Mobile code attacks extend beyond web browsers to other client-side applications that can execute or render dynamic content. Identifying the primary attack surfaces is critical for defending against client-based threats.

AText editors, database, and Internet phone applications

Text editors, database, and Internet phone applications are not primary vectors for mobile code execution, as text editors typically handle plain text without executing scripts and database/VoIP applications are not commonly targeted delivery mechanisms for mobile code attacks.

BEmail, presentation, and database applications

While email is a valid concern, presentation and database applications are not primary mobile code attack vectors; database applications operate server-side or require authenticated access, and presentation software is a far less common attack surface compared to media players and instant messaging clients.

CImage libraries, presentation and spreadsheet applications

Image libraries and spreadsheet applications are not primary mobile code attack surfaces; although spreadsheet macros can pose some risk, image libraries and presentation tools lack the broad, internet-connected, user-facing exposure that makes email, media players, and instant messaging the dominant targets.

DEmail, media players, and instant messaging applicationsCorrect

Email clients, media players, and instant messaging applications are primary vectors for mobile code attacks because they routinely process and execute dynamic or embedded content (scripts, macros, rich media) received from untrusted sources. These applications can be exploited to run malicious code without direct browser involvement, making them the most significant non-browser client-side attack surfaces. Securing these three application categories is essential to a comprehensive client-based attack mitigation plan.

Concept tested: Client-based mobile code attack vectors beyond browsers

Source: https://csrc.nist.gov/publications/detail/sp/800-28/version-2/final

Topics

#mobile code#client-side attacks#exploit vectors#application security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice