Exam CISSP topic 1 question 23 discussion

ATTENTION the attacker is planning . If we consider that iy is need know the network to attack, the correct answer is D "attackers act like detectives, gathering information to truly understand their target. From examining email lists to open source information, their goal is to know the network better than the people who run and maintain it. They hone in on the security aspect of the technology, study the weaknesses, and use any vulnerability to their advantage." https://www.graylog.org/post/cyber-security-understanding-the-5-phases-of-intrusion

Answer is A Losing control of their network devices to Criminal organization is the Highest risk

D (Accessing Network Topology) is higher risk because it provides an immediate blueprint of the network, allowing an attacker to plan highly targeted and strategic attacks, even if they don’t control the devices immediately. It gives them insight into which devices to target, where vulnerabilities may exist, and how to move through the network with minimal detection. A (Losing Control of Network Devices), while still very serious, is a tactical step that requires the attacker to first gain control over individual devices and then figure out the network layout, which is a slower and potentially more detectable process. So, the direct access to sensitive topology information provides an attacker with a much faster and more effective path to compromise the entire network, making D the higher risk in the scenario. I believe "D" is the right answer

Once an attacker takes control of the network, all other attacks listed from B to D can be easily perpetrated. So, the most important of the options is A

My initial thought was D but on a second thought, I agree the answer is A. You may have sensitive information about the network topology (not people or sensitive government data), yet unable to break the network security.

A. Organization loses control of their network devices. When an organization loses control of their network devices, it means the attackers can potentially take over the entire network infrastructure. This scenario allows for a wide range of malicious activities, including the possibility of shutting down services, stealing sensitive data, deploying malware, and causing extensive damage. The other scenarios are certainly serious, but losing control of network devices represents a more comprehensive and critical threat.

Although D can be used to plan further attacks, it is not as immediately damaging as losing control of the network devices. Therefore A is better option here.

Agree with option D. Sensitive information sound to have higher risk than loosing control of network devices. You can always shutdown the hardware at the expense to operation, but it's like taking away their only advantage. You can always replace the devices, but sensitive or critical network architecture sound more expensive to overhaul.

When you know about the information in the network, it will make you leverage it and have access to the network, thereby making the organization lose control of the network. Once you know the organization's Main IP of the network is very risky, you can use it to flood traffic to gain control of the network.

Reconnaissance Weaponising Delivery Installation Exploitation <--- D when knows about sensitive information Command and control <--A is at this stage Action

IF you think its NOT A.... you are not reading the question closely enough. The answer is A.

Why not B? If we consider that, we have to answer the question "What is the highest risk for the (attacking) organization?" It should be B. A is easy to solve for an attacker. "Their network devices" means their own network devices like a internet router. Not the ones in the goverment network. Just use a new internet access or hardware. But if they flood the goverment network with (unnaturally) communication traffic, they get flagged by IDS/IPS and easily detected.

Guys you have to read the question again. Try to understand the question better. The organization being refered to with regard to the highest risk is the Criminal Organization not the government network. A CRIMINAL ORGANIZATION is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the ORGANIZATION? (To the criminals organization) - A: Will compromise the criminal organization, cannot carry out planned attack. I agree with Markrlucas

It's a GOVERNMENT network! I think this is the key hint that decides whether the answer is A or D. In my opinion, A can come as a consequence of D. By gaining access to sensitive information about the network topology, criminal organization would basically know everything about the network making the attacks on the network more effective and more dangerous. So for me, it's D.

The scenario that presents the highest risk to the organization is D. Attacker accesses sensitive information regarding the network topology. The network topology is the arrangement and configuration of the network devices, such as routers, switches, firewalls, servers, etc., and the connections between them, such as cables, wireless links, protocols, etc. The network topology defines how the network operates, communicates, and performs.

A CRIMINAL ORGANIZATION is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the ORGANIZATION? (To the criminals organization) - A: Will compromise the criminal organization, cannot carry out planned attack.

D presents the highest risk to the organization because it implies that the attacker has gained access to sensitive information about the network topology. This could enable the attacker to more effectively exploit the network by understanding its structure and vulnerabilities, which could result in more significant damage and disruption.