An attacker is attempting to compromise accounts protected by a lockout threshold using a dictionary attack. Which of the following FISMA security requirements is most likely to be impacted if the attack succeeds? (Source: Wentz QOTD)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Integrity.
This question is subject to the condition, “if the attack succeeds.” A dictionary attack leads to user account lockouts and hinders availability if the number of failed attempts exceeds the threshold, or clipping level. If it succeeds, the compromised accounts may affect authenticity, a security property of integrity.
This question is asking about the “consequences” part of risk analysis. Ownership and custodianship don’t refer to risk analysis. Instead, they imply tracing responsibility and accountability after the risk has materialized. It may lead to a blame game if not managed properly. Moreover, they are not specifically mentioned in FISMA.