nerdexam
(ISC)2

CISSP · Question #267

Which of the following are effective countermeasures against passive network-layer attacks?

The correct answer is C. Encryption and security enabled applications. Passive network-layer attacks (such as eavesdropping and traffic analysis) are best countered by encryption and security-enabled applications, which prevent intercepted data from being read or exploited.

Submitted by tom_us· Mar 5, 2026Communication and Network Security

Question

Which of the following are effective countermeasures against passive network-layer attacks?

Options

  • AFederated security and authenticated access controls
  • BTrusted software development and run time integrity controls
  • CEncryption and security enabled applications
  • DEnclave boundary protection and computing environment defense

How the community answered

(21 responses)
  • A
    19% (4)
  • B
    5% (1)
  • C
    71% (15)
  • D
    5% (1)

Why each option

Passive network-layer attacks (such as eavesdropping and traffic analysis) are best countered by encryption and security-enabled applications, which prevent intercepted data from being read or exploited.

AFederated security and authenticated access controls

Federated security and authenticated access controls address identity and authorization concerns, which are countermeasures against active attacks or unauthorized access rather than passive interception of network traffic.

BTrusted software development and run time integrity controls

Trusted software development and runtime integrity controls defend against software tampering and malicious code execution, targeting the computing environment rather than passive network-layer eavesdropping.

CEncryption and security enabled applicationsCorrect

Passive network-layer attacks involve intercepting and monitoring traffic without altering it, meaning the attacker gains value by reading the data in transit. Encryption renders intercepted data unreadable, directly neutralizing the threat, while security-enabled applications enforce encrypted communications protocols (e.g., TLS) to prevent data exposure at the network layer.

DEnclave boundary protection and computing environment defense

Enclave boundary protection and computing environment defense focus on perimeter and host-level security controls, which do not directly prevent an attacker from passively capturing and reading unencrypted data traversing the network.

Concept tested: Countermeasures against passive network-layer attacks

Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Topics

#Network security#Passive attacks#Encryption#Network layer security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice