312-50V13 · Question #519
312-50V13 Question #519: Real Exam Question with Answer & Explanation
The correct answer is C: Whaling and Targeted Attacks. Whaling and Targeted Attacks Option C is correct because whaling is a highly targeted social engineering attack that specifically impersonates high-level executives or senior officials (like C-suite members or top management) to manipulate others - in this case, the attacker crea
Question
An experienced cyber attacker has created a fake Linkedin profile, successfully impersonating a high- ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?
Options
- APretexting and Network Vulnerability
- BSpear Phishing and Spam
- CWhaling and Targeted Attacks
- DBaiting and Involuntary Data Leakage
Explanation
Whaling and Targeted Attacks
Option C is correct because whaling is a highly targeted social engineering attack that specifically impersonates high-level executives or senior officials (like C-suite members or top management) to manipulate others - in this case, the attacker created a fake profile of a high-ranking official to gain trust, access exclusive events, and extract proprietary information, making "targeted attacks" the natural immediate threat.
Why the distractors are wrong:
- A (Pretexting/Network Vulnerability) is partially relevant since pretexting involves creating a false identity/scenario, but it doesn't capture the executive-level impersonation that defines this attack, and no network technical vulnerability was exploited.
- B (Spear Phishing/Spam) involves targeted email deception, not LinkedIn profile impersonation of senior officials, and spam is a mass, untargeted technique - the opposite of what occurred here.
- D (Baiting/Involuntary Data Leakage) involves luring victims with enticing offers (like infected USB drives), which does not align with impersonating an executive to build trust.
🧠 Memory Tip: Think of "Whaling" as going after the "big fish" - the bigger the impersonated target (executives, CEOs, officials), the more it qualifies as whaling. If the fake persona holds a high rank, think Whaling = Whopper target!
Topics
Community Discussion
No community discussion yet for this question.