RAS question
Which of the following is NOT a type of cyber attack?
Correct answer: (B) Firewall installation.
Firewall installation is a security measure used to protect networks and systems, not a type of cyber attack.
Explanation
Firewall installation is not a cyber attack because a firewall is a defensive control. The NIST bulletin describes firewalls as devices or programs that help organisations protect networks, systems, and computers from hostile attacks, break-ins, and malicious software. It also explains that firewalls control network traffic and can block traffic not expressly permitted by policy, reducing the risk of attack. That matches the question’s distinction: XSS, man-in-the-middle attacks, and SQL injection are attack techniques, while installing a firewall is a protective step taken against such threats. So option B is the only item that names a security measure rather than an attack method.
Why the other options are wrong
- (A) Cross-site scripting is an attack because it involves injecting malicious scripts into web pages, so it belongs in the cyber-attack category.
- (C) A man-in-the-middle attack is a cyber attack because the attacker intercepts communication between two parties.
- (D) SQL injection is a cyber attack because it exploits database vulnerabilities in web applications.
Concept
This tests the basic cyber-security distinction between attack vectors and defensive controls. RAS repeatedly asks such terms because administrators must recognise both common threats and the measures used to reduce their risk.
