
CSSLP Question #218: Real Exam Question with Answer & Explanation

The correct answer is C: Confidentiality. Shoulder surfing directly aims to steal sensitive information, like passwords, by observing an individual, thus violating the principle of confidentiality.

Secure Software Concepts

Question

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

Options

  • A. Integrity
  • B. Availability
  • C. Confidentiality
  • D. Authenticity

Explanation

Shoulder surfing directly aims to steal sensitive information, like passwords, by observing an individual, thus violating the principle of confidentiality.

Common mistakes.

  • A. Integrity ensures that information is accurate and has not been altered without authorization, which is not directly violated by merely observing data.
  • B. Availability ensures that authorized users have access to information and systems when needed, which is not directly affected by shoulder surfing.
  • D. Authenticity ensures that users are who they claim to be; however, shoulder surfing itself is about stealing credentials, not directly compromising the system's ability to authenticate before the credentials are used.

Concept tested. CIA Triad - Confidentiality violation

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/get-started-security-fundamentals#confidentiality-integrity-and-availability-the-cia-triad

Topics

Shoulder surfing · Confidentiality · In-person attacks · Information gathering
