nerdexam
(ISC)2

CISSP · Question #149

Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. What is t

The correct answer is C. Client-based attacks are more common and easier to exploit than server and network based. Client-based attacks are the most prevalent attack vector in enterprise environments, making them the primary reason organizations should prioritize mitigation planning.

Submitted by rania.sa· Mar 5, 2026Security and Risk Management

Question

Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?

Options

  • AClient privilege administration is inherently weaker than server privilege administration.
  • BClient hardening and management is easier on clients than on servers.
  • CClient-based attacks are more common and easier to exploit than server and network based
  • DClient-based attacks have higher financial impact.

How the community answered

(24 responses)
  • A
    4% (1)
  • B
    8% (2)
  • C
    63% (15)
  • D
    25% (6)

Why each option

Client-based attacks are the most prevalent attack vector in enterprise environments, making them the primary reason organizations should prioritize mitigation planning.

AClient privilege administration is inherently weaker than server privilege administration.

While privilege mismanagement can affect clients, privilege administration is not inherently weaker on clients than servers; in fact, servers often run with elevated service accounts and are also subject to privilege escalation vulnerabilities, making this comparison inaccurate as the primary justification.

BClient hardening and management is easier on clients than on servers.

Client hardening and management is generally considered more difficult than server hardening due to the sheer volume of endpoints, diverse software configurations, and inconsistent user behavior, making this statement factually incorrect.

CClient-based attacks are more common and easier to exploit than server and network basedCorrect

Client-based attacks, such as phishing, drive-by downloads, and malicious email attachments, are statistically the most frequent attack vectors because end users are numerous, often less security-aware, and interact with untrusted external content regularly. Attackers favor clients because they present a larger attack surface with lower technical barriers to exploit compared to hardened servers, which typically have fewer exposed services and more controlled access. This prevalence and ease of exploitation make mitigation a top security priority for organizations.

DClient-based attacks have higher financial impact.

While client-based attacks can result in significant financial losses, financial impact alone is not consistently higher for client-based attacks versus server-based attacks such as data breaches or ransomware targeting servers, and this is not the best justification for prioritizing a mitigation plan.

Concept tested: Justification for mitigating client-based attack vectors

Source: https://www.cisa.gov/topics/cyber-threats-and-advisories/malware-phishing

Topics

#client-side attacks#attack vectors#risk assessment#threat landscape

Community Discussion

No community discussion yet for this question.

Full CISSP Practice