Aspirant Academy

RAS question

Which of the following is NOT a type of cyber attack?

Correct answer: (B) Firewall installation.

Firewall installation is a security measure used to protect networks and systems, not a type of cyber attack.

  1. (A)

    Cross-site scripting (XSS)

  2. (B)

    Firewall installation

  3. (C)

    Man-in-the-Middle attack

  4. (D)

    SQL injection

Explanation

Firewall installation is not a cyber attack because a firewall is a defensive control. The NIST bulletin describes firewalls as devices or programs that help organisations protect networks, systems, and computers from hostile attacks, break-ins, and malicious software. It also explains that firewalls control network traffic and can block traffic not expressly permitted by policy, reducing the risk of attack. That matches the question’s distinction: XSS, man-in-the-middle attacks, and SQL injection are attack techniques, while installing a firewall is a protective step taken against such threats. So option B is the only item that names a security measure rather than an attack method.

Why the other options are wrong

  • (A) Cross-site scripting is an attack because it involves injecting malicious scripts into web pages, so it belongs in the cyber-attack category.
  • (C) A man-in-the-middle attack is a cyber attack because the attacker intercepts communication between two parties.
  • (D) SQL injection is a cyber attack because it exploits database vulnerabilities in web applications.

Concept

This tests the basic cyber-security distinction between attack vectors and defensive controls. RAS repeatedly asks such terms because administrators must recognise both common threats and the measures used to reduce their risk.

Source

Related questions