Passive Attacks: Understanding Security Threats | Exam Prep

Passive Attacks

Prev Question Next Question

Question

Which of the following is an example of a passive attack?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

B.

Shoulder surfing is a form of a passive attack involving stealing passwords, personal identification numbers or other confidential information by looking over someone's shoulder.

All other forms of attack are active attacks, where a threat makes a modification to the system in an attempt to take advantage of a vulnerability.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 3: Security Management Practices (page 63).

Among the given options, "Shoulder surfing" is an example of a passive attack.

Passive attacks are the ones in which an attacker intercepts or eavesdrops on data transmissions, without altering or modifying the data. These attacks aim to gain unauthorized access to sensitive information, without raising any alarms or leaving any traces behind.

Shoulder surfing is a type of passive attack where an attacker looks over the shoulder of a user to observe and steal sensitive information such as login credentials, PIN codes, credit card numbers, etc. The attacker can do this by physically standing behind the user, or by using binoculars, cameras, or other tools to capture the user's screen or keyboard.

Denying services to legitimate users is an example of a denial of service (DoS) attack, where an attacker floods a network or a system with traffic or requests, causing it to crash or become unavailable to legitimate users.

Brute-force password cracking is an example of an active attack, where an attacker tries to guess or crack passwords by trying out different combinations of characters until the correct password is found.

Smurfing is also an example of an active attack, where an attacker sends ICMP echo requests to IP broadcast addresses, spoofing the source IP address of the victim, causing a flood of responses to be sent back to the victim, overwhelming their network and causing it to crash.