exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam

Exam CISSP topic 1 question 23 discussion

Actual exam question from ISC's CISSP
Question #: 23
Topic #: 1
[All CISSP Questions]

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

  • A. Organization loses control of their network devices.
  • B. Network is flooded with communication traffic by the attacker.
  • C. Network management communications is disrupted.
  • D. Attacker accesses sensitive information regarding the network topology.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
JAckThePip
Highly Voted 2 years, 2 months ago
ATTENTION the attacker is planning . If we consider that iy is need know the network to attack, the correct answer is D "attackers act like detectives, gathering information to truly understand their target. From examining email lists to open source information, their goal is to know the network better than the people who run and maintain it. They hone in on the security aspect of the technology, study the weaknesses, and use any vulnerability to their advantage." https://www.graylog.org/post/cyber-security-understanding-the-5-phases-of-intrusion
upvoted 13 times
...
Mgz156
Highly Voted 2 years, 3 months ago
Selected Answer: A
Answer is A Losing control of their network devices to Criminal organization is the Highest risk
upvoted 7 times
jackdryan
1 year, 8 months ago
A is correct
upvoted 1 times
...
...
fathermora
Most Recent 3 weeks, 3 days ago
Selected Answer: A
My initial thought was D but on a second thought, I agree the answer is A. You may have sensitive information about the network topology (not people or sensitive government data), yet unable to break the network security.
upvoted 1 times
...
Fouad777
1 month, 1 week ago
A. Organization loses control of their network devices. When an organization loses control of their network devices, it means the attackers can potentially take over the entire network infrastructure. This scenario allows for a wide range of malicious activities, including the possibility of shutting down services, stealing sensitive data, deploying malware, and causing extensive damage. The other scenarios are certainly serious, but losing control of network devices represents a more comprehensive and critical threat.
upvoted 1 times
...
KennethLZK
1 month, 2 weeks ago
Selected Answer: A
Although D can be used to plan further attacks, it is not as immediately damaging as losing control of the network devices. Therefore A is better option here.
upvoted 1 times
...
deeden
4 months, 3 weeks ago
Selected Answer: D
Agree with option D. Sensitive information sound to have higher risk than loosing control of network devices. You can always shutdown the hardware at the expense to operation, but it's like taking away their only advantage. You can always replace the devices, but sensitive or critical network architecture sound more expensive to overhaul.
upvoted 1 times
...
somsom
6 months, 1 week ago
When you know about the information in the network, it will make you leverage it and have access to the network, thereby making the organization lose control of the network. Once you know the organization's Main IP of the network is very risky, you can use it to flood traffic to gain control of the network.
upvoted 2 times
...
Jenkins3mol
8 months ago
Selected Answer: A
Reconnaissance Weaponising Delivery Installation Exploitation <--- D when knows about sensitive information Command and control <--A is at this stage Action
upvoted 2 times
...
CCNPWILL
8 months, 2 weeks ago
IF you think its NOT A.... you are not reading the question closely enough. The answer is A.
upvoted 1 times
...
Rumor19
11 months ago
Why not B? If we consider that, we have to answer the question "What is the highest risk for the (attacking) organization?" It should be B. A is easy to solve for an attacker. "Their network devices" means their own network devices like a internet router. Not the ones in the goverment network. Just use a new internet access or hardware. But if they flood the goverment network with (unnaturally) communication traffic, they get flagged by IDS/IPS and easily detected.
upvoted 1 times
...
Soleandheel
1 year ago
Guys you have to read the question again. Try to understand the question better. The organization being refered to with regard to the highest risk is the Criminal Organization not the government network. A CRIMINAL ORGANIZATION is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the ORGANIZATION? (To the criminals organization) - A: Will compromise the criminal organization, cannot carry out planned attack. I agree with Markrlucas
upvoted 3 times
...
AlexJacobson
1 year, 1 month ago
Selected Answer: D
It's a GOVERNMENT network! I think this is the key hint that decides whether the answer is A or D. In my opinion, A can come as a consequence of D. By gaining access to sensitive information about the network topology, criminal organization would basically know everything about the network making the attacks on the network more effective and more dangerous. So for me, it's D.
upvoted 2 times
...
Law88
1 year, 3 months ago
Selected Answer: D
The scenario that presents the highest risk to the organization is D. Attacker accesses sensitive information regarding the network topology. The network topology is the arrangement and configuration of the network devices, such as routers, switches, firewalls, servers, etc., and the connections between them, such as cables, wireless links, protocols, etc. The network topology defines how the network operates, communicates, and performs.
upvoted 1 times
...
markrlucas
1 year, 6 months ago
Selected Answer: A
A CRIMINAL ORGANIZATION is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the ORGANIZATION? (To the criminals organization) - A: Will compromise the criminal organization, cannot carry out planned attack.
upvoted 5 times
ats20
2 months ago
Agree with A - losing control of network devices can have far-reaching consequences for the criminal org.
upvoted 1 times
...
...
s_n_
1 year, 11 months ago
D presents the highest risk to the organization because it implies that the attacker has gained access to sensitive information about the network topology. This could enable the attacker to more effectively exploit the network by understanding its structure and vulnerabilities, which could result in more significant damage and disruption.
upvoted 2 times
...
Cyber_Punk_Rock
1 year, 12 months ago
Why isn't D? like if attackers get Network topology, they have access to the IP ranges, Protocols being used, Ports, Operating system in use on the network including how many firewalls and switches in use.
upvoted 4 times
...
rootic
2 years, 2 months ago
Selected Answer: A
Agree with A.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago