CompTIA Security Plus Mock Test Q542

Pete’s corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number. Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent?

A. Collusion
B. Impersonation
C. Pharming
D. Transitive Access

Correct Answer: B
Section: Threats and Vulnerabilities

Impersonation is where a person, computer, software application or service pretends to be someone or something it’s not. Impersonation is commonly non-maliciously used in client/ server applications. However, it can also be used as a security threat.
The procedure the users have to go through is to ensure that the technician who will have access to the computer is a genuine technician and not someone impersonating a technician.

Incorrect Answers:
A: In computer security, ‘collusion’ is the practice of two or more people working together to commit fraud, data theft or some other malicious act. The procedure in the question is not designed to prevent collusion.
C: Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming ‘poisons’ a DNS server by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing. The procedure in the question is not designed to prevent pharming.
D: With transitive access, one party (A) trusts another party (B). If the second party (B) trusts another party (C), then a relationship can exist where the first party (A) also may trust the third party (C). The procedure in the question is not designed to prevent transitive access.