GCIH Question #32: Real Exam Question with Answer & Explanation
The correct answer is A: Spoofing.
Vulnerability Exploitation & Privilege Escalation
Question
Which of the following are types of access control attacks? Each correct answer represents a complete solution. Choose all that apply.
Options
- A. Spoofing
- B. Brute force attack
- C. Dictionary attack
- D. Mail bombing
Explanation
Spoofing, brute force, and dictionary attacks all directly target access control mechanisms to gain unauthorized access, while mail bombing is a denial-of-service attack that does not attempt to bypass access controls.
Common mistakes.
- D. Mail bombing is a denial-of-service attack that floods a mail server with excessive message volume to overwhelm it; it does not attempt to circumvent or exploit access control mechanisms to gain unauthorized access.
Concept tested. Identifying access control attack categories
Reference. https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final
Topics
#spoofing #brute force #dictionary attack #access control attacks