CompTIA Security Plus Mock Test Q529

Which of the following is described as an attack against an application using a malicious file?

A. Client side attack
B. Spam
C. Impersonation attack
D. Phishing attack


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
In this question, a malicious file is used to attack an application. If the application is running on a client computer, this is a client-side attack; attacking a service or application on a server would be a server-side attack.
Client-side attacks target vulnerabilities in client applications that process malicious data, such as a crafted document, media file or web page. The distinguishing feature is that the client initiates the connection to, or opens content from, the attacker-controlled source, rather than the attacker connecting to an exposed service.
Client-side attacks have become more popular, in part because server-side attacks are not as easy as they once were, according to apache.org.
Attackers are finding success going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients.
To defend against client-side attacks, keep applications at their most current patch levels, keep antivirus software updated, and keep the set of authorized software to a minimum.
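The malicious file in this question typically reaches the client application as an e-mail attachment or download whose name claims one thing (a PDF, a Word document) while its contents are another (an executable, a macro-carrying document). The following is an added example, not part of the original question or its references, of a small inbound-file check that catches that mismatch before the file is handed to a client application. The signature table, the extension policy and all sample "attachments" are constructed for illustration; the samples are not real malware, and a production control would use a full file-type library and an AV engine rather than this short list.

```python
import io
import os
import zipfile

# Leading bytes that identify a few common container formats (well-known magic values;
# this short table is an illustration, not a complete file-type database).
SIGNATURES = (
    (b"%PDF-", "pdf"),
    (b"MZ", "pe"),            # Windows PE executable or DLL
    (b"\x7fELF", "elf"),      # Linux executable or shared object
    (b"PK\x03\x04", "zip"),   # ZIP, and therefore also docx/xlsx/pptx/jar
)

# Content types that are legitimate for a given extension (assumed policy).
EXPECTED = {
    ".pdf": {"pdf"},
    ".docx": {"zip"}, ".docm": {"zip"}, ".xlsx": {"zip"}, ".pptx": {"zip"},
    ".zip": {"zip"},
    ".exe": {"pe"}, ".dll": {"pe"},
}

# Extensions a client application should never open regardless of content (assumed policy).
BLOCKED = {".exe", ".dll", ".scr", ".js", ".vbs", ".hta"}


def detect_type(data):
    """Return the content type implied by the file's magic bytes, or 'unknown'."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def office_has_macros(data):
    """True if a ZIP-based Office document carries a VBA macro project (vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith("vbaProject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        # Not a ZIP at all (for example a PE claiming to be .docx); the type check reports that.
        return False


def assess_file(filename, data):
    """Return a list of findings for one file; an empty list means nothing suspicious."""
    findings = []
    ext = os.path.splitext(filename.lower())[1]
    kind = detect_type(data)
    if ext in BLOCKED:
        findings.append("blocked extension %s" % ext)
    allowed = EXPECTED.get(ext)
    if allowed is not None and kind not in allowed:
        findings.append("extension %s but content looks like %s" % (ext, kind))
    if kind == "zip" and office_has_macros(data):
        findings.append("Office document contains a VBA macro project")
    return findings


def make_docx(with_macros):
    """Build a minimal constructed ZIP that mimics a Word document (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


# Constructed sample "attachments" (not real malware): a PE header disguised as a PDF,
# a Word document carrying a macro project, a clean PDF, and a plainly named executable.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    "report.docx": make_docx(with_macros=True),
    "notes.pdf": b"%PDF-1.7\n%clean\n",
    "setup.exe": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, assess_file(name, blob) or ["ok"])
```

The check is deliberately independent of the filename the attacker chose: the extension only selects which content types are acceptable, and the decision is made on the bytes themselves. Macro detection is a policy signal rather than proof of malice, which is why it is reported as a finding for a human or a sandbox to act on rather than silently dropped.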

Incorrect Answers:
B: Spam is most often considered to be electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup.
In addition to wasting people’s time with unwanted e-mail, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers. The attack described in this question is not an example of spam.
C: Impersonation is where a person, computer, software application or service pretends to be someone or something it is not. Impersonation is commonly used non-maliciously in client/server applications, but it can also be used as a security threat. The attack described in this question is not an example of impersonation.
D: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page.
Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the “phisher” counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hope that while most will ignore the bait, some will be tempted into biting. The attack described in this question is not an example of phishing.

References:
http://blog.botrevolt.com/what-are-client-side-attacks/
http://www.webopedia.com/TERM/S/spam.html
http://www.webopedia.com/TERM/P/phishing.html