CompTIA
CAS-003 Question #593: Real Exam Question with Answer & Explanation
The correct answer is A: A spear-phishing email with a file attachment. Spear-phishing emails with malicious file attachments directly exploit the vulnerability created by untrained users who cannot recognize social engineering or suspicious content.
Question
Which of the following attacks can be used to exploit a vulnerability that was created by untrained users?
Options
- A. A spear-phishing email with a file attachment
- B. A DoS using IoT devices
- C. An evil twin wireless access point
- D. A domain hijacking of a bank website
Explanation
Spear-phishing emails with malicious file attachments directly exploit the vulnerability created by untrained users who cannot recognize social engineering or suspicious content.
Common mistakes.
- B. A DoS attack using IoT devices exploits misconfigured or unpatched device firmware and network infrastructure weaknesses, not the knowledge gap of individual end users.
- C. An evil twin access point is a network interception attack that can affect even security-aware users and relies on proximity and wireless infrastructure vulnerabilities rather than user training gaps.
- D. Domain hijacking exploits weaknesses in domain registrar account security or DNS infrastructure and is a technical attack that is not dependent on end-user training levels.
Concept tested. Social engineering attacks exploiting untrained user behavior
Reference. https://www.cisa.gov/resources-tools/resources/phishing-guidance-stopping-attack-cycle-phase-one