An attacker is attempting to compromise accounts protected by the lockout threshold using a dictionary. Which of the following security requirements by FISMA will be impacted most likely if the attack succeeds? (Source: Wentz QOTD)
A. Integrity
B. Availability
C. Ownership
D. Custodianship
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Integrity.
This question is subject to the condition, “if the attack succeeds.” The dictionary attack shall lead to user account lockouts, if the number of failed attempts is more than the threshold or clipping level, and hinder availability. If it succeeds, the compromised accounts may affect authenticity, a security property of integrity.
This question is asking about the “consequences” part of risk analysis. Ownership and custodianship don’t refer to risk analysis. Instead, they imply tracing responsibility and accountability after the risk materialized. It may lead to the blame game if not managed properly. Moreover, they are not specifically mentioned in FISMA.
Reference
- Network Access Control
- Captive portal
- Honeypot (computing)
- What is an Intrusion Prevention System – IPS
- Federal Information Security Management Act of 2002
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
攻擊者試圖使用字典來破壞受鎖定閾值保護的帳戶。 如果攻擊成功,最有可能會影響以下哪些FISMA的安全要求??
A. 完整性
B. 可用性
C. 所有權
D. 監護權