212-82 · Question #167
212-82 Question #167: Real Exam Question with Answer & Explanation
Question
Jane is a newly appointed Chief Financial Officer at BigTech Corp. Within a week, she receives an email from a sender posing as the company's CEO, instructing her to make an urgent wire transfer. Suspicious, Jane decides to verify the request's authenticity. She then receives another email from the same sender, now attaching a seemingly scanned image of the CEO's handwritten note. Simultaneously, she gets a call from an 'IT support' representative, instructing her to click on the attached image to download a 'security patch'. Concerned, Jane must determine which social engineering tactics she encountered.
Options
- A. Baiting via the handwritten note image and preloading through the 'IT support' call.
- B. Spear phishing through both the emails and quizzing via the 'IT support' call.
- C. Phishing through the CEO impersonation email and baiting via the 'IT support' call.
- D. Spear phishing through the CEO impersonation email and vishing via the 'IT support' call.
Explanation
Option D is correct because the targeted email impersonating the CEO to manipulate a specific, newly appointed CFO is a textbook example of spear phishing (personalized phishing aimed at a specific individual or role), while the fraudulent phone call from fake "IT support" attempting to manipulate Jane verbally is vishing (voice/phone-based phishing). The two channels reinforce each other: the call lends the attachment false legitimacy, and the "security patch" pretext is how the attacker gets Jane to open it.
Why the distractors are wrong:
- Option A is incorrect because "preloading" is not a recognized social engineering tactic, and while "baiting" involves luring victims with something enticing (like a USB drive), the handwritten note image is an impersonation tool, not a bait.
- Option B is incorrect because "quizzing" is not a social engineering term, and while emails are involved, the phone call is distinctly vishing, not quizzing.
- Option C is incorrect because generic "phishing" refers to broad, untargeted attacks - since this attack is specifically targeting Jane as the new CFO, it qualifies as the more precise term, spear phishing.
🧠 Memory Tip: Use the phrase "Spear = Specific, Vishing = Voice" - if an attack targets a specific person, it's spear phishing; if the social engineering happens over a phone call, it's vishing.
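The CEO-impersonation email in this scenario has several technical tells that a mail gateway or a triage script can check before Jane ever has to judge it by instinct. The following is an added example, not part of the exam question or its official explanation: a Python script using only the standard-library `email` package that flags display-name impersonation of a known executive, an external or look-alike sender domain, a Reply-To that diverts replies, pressure language typical of wire-transfer fraud, and an attachment that is presented as an image but carries an executable extension (the "click the image to get a security patch" trick). The executive name, domains and both messages are constructed for this example and are hypothetical.

```python
"""Header and attachment checks for the executive-impersonation pattern.

Added example; the organisation, executive and messages below are
constructed for illustration and are not from the exam material.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Hypothetical configuration: the real internal domain and the mailbox each
# executive actually sends from (display name -> genuine address).
INTERNAL_DOMAIN = "bigtech.example"
EXECUTIVES = {"Alex Rivera": "alex.rivera@bigtech.example"}
URGENCY_TERMS = ("urgent", "wire transfer", "immediately", "confidential")
EXECUTABLE_EXT = re.compile(r"\.(exe|scr|js|vbs|bat|cmd|hta|lnk)$", re.I)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _body_text(msg: Message) -> str:
    """Concatenate the text/plain parts that are not attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks)


def impersonation_findings(raw_message: str) -> list:
    """Return a list of human-readable findings; an empty list means no tells."""
    msg = message_from_string(raw_message)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))

    # 1. A known executive's display name on a mailbox that is not theirs.
    real = EXECUTIVES.get(from_name.strip())
    if real and from_addr.lower() != real:
        findings.append(f"display-name impersonation: '{from_name}' sent from {from_addr}")

    # 2. Sender domain is external or a look-alike of the internal domain.
    if from_addr and _domain(from_addr) != INTERNAL_DOMAIN:
        findings.append(f"external sender domain: {_domain(from_addr)}")

    # 3. Reply-To silently redirects Jane's reply away from the From address.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append(f"reply-to mismatch: replies go to {reply_addr}")

    # 4. Pressure and payment language typical of wire-transfer fraud.
    text = (msg.get("Subject", "") + " " + _body_text(msg)).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        findings.append(f"urgency/financial terms: {', '.join(hits)}")

    # 5. Attachment named like an image but ending in an executable extension.
    for part in msg.walk():
        name = part.get_filename() or ""
        if EXECUTABLE_EXT.search(name):
            findings.append(f"executable attachment disguised as a document: {name}")
    return findings


# Constructed sample messages (not real mail).
LEGIT = """From: Alex Rivera <alex.rivera@bigtech.example>
To: jane@bigtech.example
Subject: Q3 board deck
Content-Type: text/plain

Jane, the board deck is in the shared folder. Thanks.
"""

SUSPICIOUS = """From: Alex Rivera <alex.rivera@bigtech-corp.example>
Reply-To: ceo.office@mail-relay.example
To: jane@bigtech.example
Subject: URGENT wire transfer - confidential
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Jane, I need you to process a wire transfer immediately. See my note attached.
--b1
Content-Type: application/octet-stream; name="ceo_note.jpg.exe"
Content-Disposition: attachment; filename="ceo_note.jpg.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("suspicious", SUSPICIOUS)):
        print(label, impersonation_findings(raw) or "no findings")
```

The legitimate message produces no findings; the constructed impersonation message trips all five checks. None of these checks proves fraud on its own, which is why the exam answer still turns on Jane verifying the request out of band (calling the CEO on a known number) rather than replying to the email or trusting the caller.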