Which of the following attack compromises confidentiality? (Choose two options)
Denial of Service attack
Ransomware attack
Disclosure of passwords to unauthorized persons
Keylogger – ?a malware that captures the keystrokes
The correct answer and explanation is :
The two correct answers are:
- Disclosure of passwords to unauthorized persons
- Keylogger (a malware that captures keystrokes)
Explanation
Confidentiality in cybersecurity refers to protecting sensitive data from unauthorized access or disclosure. Any attack that exposes private or restricted information compromises confidentiality.
1. Disclosure of passwords to unauthorized persons
When passwords are disclosed to unauthorized individuals, they gain access to sensitive information, systems, or networks. This leads to a direct violation of confidentiality. Attackers can use these credentials to steal data, impersonate legitimate users, or gain unauthorized privileges. This type of attack is often caused by phishing, social engineering, or weak password management.
2. Keylogger (malware that captures keystrokes)
A keylogger is a type of malware designed to record every keystroke a user types on their keyboard. Attackers use it to steal passwords, credit card numbers, and other confidential information. Since it captures sensitive data without the user’s knowledge, it severely compromises confidentiality. Keyloggers are commonly installed through malicious emails, fake software downloads, or infected USB drives.
Why the Other Options Are Incorrect?
- Denial of Service (DoS) attack:
- This attack aims to make a service or network unavailable by overwhelming it with traffic. It affects availability, not confidentiality.
- Ransomware attack:
- This attack encrypts a victim’s files and demands a ransom for decryption. While it affects availability and integrity, confidentiality is not necessarily impacted unless the attacker also steals the data before encrypting it.
Conclusion
Both disclosure of passwords and keylogger malware directly expose sensitive information, leading to a loss of confidentiality. These threats highlight the importance of strong authentication practices and cybersecurity awareness.
