{"id":632,"date":"2021-01-17T05:36:58","date_gmt":"2021-01-16T18:03:21","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0624\/"},"modified":"2021-01-17T05:44:29","modified_gmt":"2021-01-17T05:44:29","slug":"systems-security-certified-practitioner-sscp-question0624","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0624\/","title":{"rendered":"Systems Security Certified Practitioner &#8211; SSCP &#8211; Question0624"},"content":{"rendered":"<div class=\"question\">Which type of attack would a competitive intelligence attack best classify as? <br \/><strong><br \/>A.<\/strong> Business attack <br \/><strong>B.<\/strong> Intelligence attack <br \/><strong>C.<\/strong> Financial attack <br \/><strong>D.<\/strong> Grudge attack<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>A<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nBusiness attacks concern information loss through competitive intelligence gathering and computer-related attacks. These attacks can be very costly due the loss of trade secrets and reputation.<br \/>\nIntelligence attacks are aimed at sensitive military and law enforcement files containing military data and investigation reports.<br \/>\nFinancial attacks are concerned with frauds to banks and large corporations.<br \/>\nGrudge attacks are targeted at individuals and companies who have done something that the attacker doesn&#8217;t like.<br \/>\nThe CISSP for Dummies book has nice coverage of the different types of attacks, here is an extract:<br \/>\nTerrorism Attacks Terrorism exists at many levels on the Internet. In April 2001, during a period of tense relations between China and the U.S. (resulting from the crash landing of a U.S. Navy reconnaissance plane on Hainan Island), Chinese hackers ( cyberterrorists ) launched a major effort to disrupt critical U.S. infrastructure, which included U.S. government and military systems.<br \/>\nFollowing the terrorist attacks against the U.S. on September 11, 2001, the general public became painfully aware of the extent of terrorism on the Internet. Terrorist organizations and cells are using online capabilities to coordinate attacks, transfer funds, harm international commerce, disrupt critical systems, disseminate propaganda, and gain useful information about developing techniques and instruments of terror, including nuclear , biological, and chemical weapons. Military and intelligence attacks<br \/>\nMilitary and intelligence attacks are perpetrated by criminals, traitors, or foreign intelligence agents seeking classified law enforcement or military information. Such attacks may also be carried out by governments during times of war and conflict. Financial attacks<br \/>\nBanks, large corporations, and e-commerce sites are the targets of financial attacks, all of which are motivated by greed. Financial attacks may seek to steal or embezzle funds, gain access to online financial information, extort individuals or businesses, or obtain the personal credit card numbers of customers.<br \/>\nBusiness attacks<br \/>\nBusinesses are becoming the targets of more and more computer and Internet attacks. These attacks include competitive intelligence gathering, denial of service, and other computer-related attacks. Businesses are often targeted for several reasons including<br \/>\nLack of expertise: Despite heightened security awareness, a shortage of qualified security professionals still exists, particularly in private enterprise.<br \/>\nLack of resources: Businesses often lack the resources to prevent, or even detect, attacks against their systems.<br \/>\nLack of reporting or prosecution : Because of public relations concerns and the inability to prosecute computer criminals due to either a lack of evidence or a lack of properly handled evidence, the majority of business attacks still go unreported.<br \/>\nThe cost to businesses can be significant, including loss of trade secrets or proprietary information, loss of revenue, and loss of reputation. Grudge attacks<br \/>\nGrudge attacks are targeted at individuals or businesses and are motivated by a desire to take revenge against a person or organization. A disgruntled employee, for example, may steal trade secrets, delete valuable data, or plant a logic bomb in a critical system or application.<br \/>\nFortunately, these attacks (at least in the case of a disgruntled employee) can be easier to prevent or prosecute than many other types of attacks because:<br \/>\nThe attacker is often known to the victim.<br \/>\nThe attack has a visible impact that produces a viable evidence trail.<br \/>\nMost businesses (already sensitive to the possibility of wrongful termination suits ) have well-established termination procedures<br \/>\n\u201cFun\u201d attacks \u201cFun\u201d attacks are perpetrated by thrill seekers and script kiddies who are motivated by curiosity or excitement. Although these attackers may not intend to do any harm or use any of the information that they access, they\u2019re still dangerous and their activities are still illegal.<br \/>\nThese attacks can also be relatively easy to detect and prosecute. Because the perpetrators are often script kiddies or otherwise inexperienced hackers, they may not know how to cover their tracks effectively.<br \/>\nAlso, because no real harm is normally done nor intended against the system, it may be tempting (although ill advised) for a business to prosecute the individual and put a positive public relations spin on the incident. You\u2019ve seen the film at 11: \u201cWe quickly detected the attack, prevented any harm to our network, and prosecuted the responsible individual; our security is unbreakable !\u201d Such action, however, will likely motivate others to launch a more serious and concerted grudge attack against the business.<br \/>\nMany computer criminals in this category only seek notoriety. Although it\u2019s one thing to brag to a small circle of friends about defacing a public Web site, the wily hacker who appears on CNN reaches the next level of hacker celebrity-dom. These twisted individuals want to be caught to revel in their 15 minutes of fame.<br \/>\nReferences: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 10: Law, Investigation, and Ethics (page 187) and CISSP Professional Study Guide by James Michael Stewart, Ed Tittel, Mike Chapple, page 607-609 and CISSP for Dummies, Miller L. H. and Gregory P. H. ISBN: 0470537914, page 309-311<\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Which type of attack would a competitive intelligence attack best classify as? A. Business attack B. Intelligence attack C. Financial attack D. Grudge attack Show Answer Hide Answer Correct Answer: A Explanation: Business attacks concern information loss through competitive intelligence gathering and computer-related attacks. These attacks can be very costly due the loss of trade [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1078,627,3],"class_list":["post-632","post","type-post","status-publish","format-standard","hentry","category-systems-security-certified-practitioner-sscp","tag-choices","tag-question-0624","tag-systems-security-certified-practitioner-sscp"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/comments?post=632"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/632\/revisions"}],"predecessor-version":[{"id":1708,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/632\/revisions\/1708"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/media?parent=632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/categories?post=632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/tags?post=632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}