GIAC Certified Incident Handler (GCIH) — Question 197

Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.
How was security compromised and how did the firewall respond?

Answer options

• A. The attack was social engineering and the firewall did not detect it.
• B. Security was not compromised as the webpage was hosted internally.
• C. The attack was Cross Site Scripting and the firewall blocked it.
• D. Security was compromised as keylogger is invisible for firewall.

Correct answer: A

Explanation

The correct answer is A because the keylogger was installed through social engineering tactics, which typically evade traditional security measures like firewalls. Options B and C are incorrect because the internal hosting of the webpage does not eliminate the risk and the firewall did not block the social engineering attack. Option D is misleading as it implies the keylogger's invisibility to firewalls, but the primary issue was the social engineering aspect.