nerdexam
CompTIA

SY0-301 · Question #37

Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?

The correct answer is A. Whaling. Whaling is a targeted spear phishing attack that specifically focuses on senior executives or high-value targets, often preceded by reconnaissance of the organizational hierarchy.

Threats, vulnerabilities, and mitigations

Question

Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?

Options

  • AWhaling
  • BImpersonation
  • CPrivilege escalation
  • DSpear phishing

How the community answered

(26 responses)
  • A
    69% (18)
  • B
    4% (1)
  • C
    12% (3)
  • D
    15% (4)

Why each option

Whaling is a targeted spear phishing attack that specifically focuses on senior executives or high-value targets, often preceded by reconnaissance of the organizational hierarchy.

AWhalingCorrect

Whaling targets high-profile individuals such as executives and senior management by using information gathered from organizational research, including staff hierarchy mapping, to craft convincing fraudulent emails. The deliberate act of mapping the hierarchy to identify and target influential 'big fish' is the defining characteristic of a whaling campaign.

BImpersonation

Impersonation involves pretending to be another person or entity, but it does not specifically describe the reconnaissance-driven hierarchical targeting described in the question.

CPrivilege escalation

Privilege escalation is a technique where an attacker gains higher access rights on a system than originally authorized, which is unrelated to email-based social engineering.

DSpear phishing

Spear phishing is targeted email-based phishing toward specific individuals or groups, but whaling is the more precise term when the targeting methodology involves mapping the organizational hierarchy to reach high-level executives.

Concept tested: Whaling as targeted executive phishing attack

Source: https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-phishing

Topics

#whaling#spear phishing#social engineering#targeted attacks

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice