This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 30%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
Dear team,
I would like to argue if the answer to the test question provided at the end of the "Describe basic cybersecurity threats, attacks, and mitigations" module is correct. The question states: "Which type of attack employs malicious websites or browser extensions to get users to download malicious software on their devices, or change a user's browser settings, providing an entry point to the wider system or network.".
The provided correct answer is "Browser."
However, "browser" is not an attack type and description of the situation might be just a specific case of a social engineering, which is indicated as another option to answer. Thank you!
This question is related to the following Learning Module
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 73%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Hi Paulius Petretis,
We appreciate your engagement with us on the Microsoft Q&A forum.
Thank you for your inquiry regarding the test question in the "Describe basic cybersecurity threats, attacks, and mitigations" module.
The question inquired about a scenario involving malicious websites or browser extensions that prompt users to download harmful software or alter browser settings, potentially creating a pathway to compromise wider systems or networks. The correct answer provided is "Browser."
Upon reviewing your feedback, we understand your concern regarding the classification of "Browser" as an attack type. Allow us to provide further clarity:
The term "Browser" in this context refers to a category of attacks that exploit vulnerabilities within web browsers or their extensions. While social engineering can indeed play a role in enticing users to interact with these malicious elements, the primary focus of the question is on the technical exploitation of browser weaknesses.
To elaborate:
In essence, the question highlights the method by which attackers exploit technical flaws in browsers, rather than the initial social engineering tactic used to lure users to malicious sites.
Therefore, "Browser" can be considered the most appropriate answer because it focuses on the technical method used to compromise the system.
We hope this explanation clarifies the distinction and addresses your concerns.
Should you encounter any issues, please do not hesitate to contact us, and we will be pleased to assist you further.
If you find this response helpful, your acknowledgment by clicking the "Upvote" and "Accept Answer" buttons would be greatly appreciated.
Dear Pnaroju, thank you for your answer.
Wording you seggested "Browser-based attacks" makes more sense.
However, I am still thinking that the provided answer is ambiguous. Let me explain my point. The exact wording of the question is "Which type of attack employs malicious websites or browser extensions to get users to download malicious software on their devices, or change a user's browser settings, providing an entry point to the wider system or network." Social engineering (specifically spear phishing) can employ malicious websites or software (that can be browser extentions) to get users to download (can also mean - to lure, manipulate) malicious software <...> etc.
I find this course very relevant as a basic information security awareness overview, but as a long-term expert in the field I cannot agree it is structured right at the moment. If we have different oppinions on the answers - everybody will have as well :)
Thank you!
Hi Paulius Petretis,
We appreciate you reaching out and sharing your valuable perspective. You're absolutely right that social engineering, particularly spear phishing, can leverage malicious websites and browser extensions to trick users into downloading malware.
In the context of the specific question, "Browser" is the most fitting answer because it narrows down to the technical exploitation method. While social engineering might be the initial step that lures a user in, the actual attack hinges on vulnerabilities within the browser itself.
We can think of it this way: social engineering sets the stage, but the browser vulnerabilities are the tools the attacker uses to gain access to the system.
We understand that the answer might seem broad at first, considering the social engineering aspect. However, the core of the question lies in the technical exploitation of the browser, making "Browser" the most precise response.
While there might be room for interpretation based on different perspectives, considering the technical focus of the question, "Browser" remains the most suitable answer in this specific instance.
Your feedback as a long-term security expert is incredibly valuable to us.
Thank you.
Hi Paulius Petretis,
We would like to inquire whether your issue has been resolved. If you have any further questions, please let us know. We are happy to help you.
If the information provided is helpful, please accept the answer by clicking the "Upvote" and "Accept Answer" on the post.
Thank you.