CERTIFIED-IN-CYBERSECURITY · Question #345
CERTIFIED-IN-CYBERSECURITY Question #345: Real Exam Question with Answer & Explanation
The correct answer is B: Spear Phishing Attack. A Spear Phishing Attack is a type of social engineering attack in which an attacker sends emails that appear to come from a legitimate source to trick recipients into revealing sensitive information or downloading malware (see ISC2 Study Guide, Module 2, under Types of Threats).
Question
What type of network attack involves an attacker creating a malicious email that appears to come from a legitimate source to trick recipients into revealing sensitive information or downloading malware?
Options
- ADistributed Denial-of-Service Attack
- BSpear Phishing Attack
- CCross-Site Scripting Attack
- DMan-in-the-Middle Attack
Explanation
A Spear Phishing Attack is a type of social engineering attack in which an attacker sends emails that appear to come from a legitimate source to trick recipients into revealing sensitive information or downloading malware (see ISC2 Study Guide, Module 2, under Types of Threats). Spear phishing attacks are typically more targeted than other Phishing attacks, making them more effective and harder to detect. The other options are not related to a Spear Phishing Attack. A Man-in-the-Middle Attack is an attack in which an attacker intercepts and modifies data in transit between two parties. A Distributed Denial-of- Service Attack is an attack in which an attacker attempts to make a service or network unavailable by flooding it with traffic. A Cross-Site Scripting Attack is an attack in which an attacker injects malicious code into a website to execute malicious scripts
Topics
Community Discussion
No community discussion yet for this question.