Certified Information Systems Security Professional (CISSP) — Question 305

What type of database attack would allow a customer service employee to determine quarterly sales results before they are publicly announced?

Answer options

• A. Inference
• B. Aggregation
• C. Polyinstantiation
• D. Data mining

Correct answer: A

Explanation

The correct answer is A, Inference, as this type of attack allows an unauthorized user to deduce sensitive information from available data. Aggregation (B) involves combining data to produce summaries, while Polyinstantiation (C) deals with handling multiple versions of data in a database. Data mining (D) refers to analyzing large sets of data for patterns but does not specifically enable unauthorized access to confidential information.