
CISSP Exam - Question 16


Which application type is considered high risk and provides a common way for malware and viruses to enter a network?

Correct Answer: B

Peer-to-Peer (P2P) file sharing applications are considered high-risk because they provide a common way for malware and viruses to enter a network. This is due to the decentralized nature of P2P networks, which can allow malicious files to be easily distributed and shared among users. Even if the user is cautious, the lack of centralized control and potential for unverified files increases the risk significantly. Additionally, some P2P applications can bypass firewall protections, further exposing the network to threats.

Discussion

10 comments
DButtare Option: B
Sep 14, 2022

P2P is a vehicle of spyware, viruses, Trojan horses, worms

JAckThePip Option: B
Oct 2, 2022

Answer is B. "Eliminating unsecured file shares, which are a common way for malware to spread" https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-83r1.pdf

febd35a
Mar 11, 2024

I believe eliminating unsecured file shares in that context would be like a shared drive on the network that isn't secure. If you have a SAN that doesn't require authentication (isn't secured) that would be a problem.

dev46 Option: B
Sep 17, 2022

P2P sounds good. The question asks about application type. The keyword is "type". So, D will be eliminated straight away. Among A, B and C - PGP can be used for email protection and I can't recall but there is protection for chat app too. P2P such as torrent is the risky one.

Ivanchun Option: B
Dec 28, 2022

Same as Torrent -> P2P

franbarpro Option: B
Sep 7, 2022

P2P file sharing is the process of sharing and transferring digital files from one computer to another. If you aren’t careful, P2P file sharing can subject you to spyware, viruses, Trojan horses, worms and identity theft. Some P2P applications can even modify or penetrate your computer’s firewall without detection.

Eltooth Option: B
Oct 27, 2022

B is the correct answer. P2P file sharing.

cccispman Option: B
Dec 29, 2022

Agreed, B is highly likely to be correct. I was tempted to select email. Another reason why I go with B is because option D is positioned to trick the candidate. "D. End-to-end applications" is the closest match to P2P, so the answer is B.

jackdryan
Apr 23, 2023

B is correct

vorozco Option: B
Jun 21, 2023

B is correct

Koko4Kosh Option: A
Feb 27, 2024

The key word here (I believe) is Common. Not common for business to have P2P installed on corp devices. But chat sure is.

febd35a
Mar 11, 2024

But it doesn't say the application is common, it says the application provides a common way for malware to enter a network.

Jenkins3mol Option: B
Apr 28, 2024

I believe I read this from our code of conduct