Which of the following pairs of attacks are described as the theft of login credentials through deception or manipulation in order to install remote access and monitoring software on to a device?
The theft of login credentials through deception or manipulation (social engineering) and the subsequent installation of remote access and monitoring software (malware) describes a two-pronged attack strategy.
Social Engineering:
Exploits human vulnerabilities by deceiving individuals into sharing login credentials.
Common methods include phishing emails, pretexting, or baiting.
Malware:
Once access is gained, malicious software is installed to monitor activity, capture data, or provide unauthorized remote control of the device.
Combined Threat:
Social engineering provides initial access, and malware escalates the threat by maintaining persistence or exfiltrating data.
B: Direct hacking involves technical exploitation, not manipulation.
C: Direct hacking and malware do not focus on deceptive methods like social engineering.
D: Web attacks may involve exploitation but lack the social engineering aspect.
Key Characteristics of the Attacks:Why Other Options Are Incorrect:ASIS CPP® References:
Domain 4: Information SecurityDiscusses cyber threats, including social engineering and malware as key components of multi-vector attacks.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit