nerdexam
CompTIA

SY0-301 · Question #790

The business has an established relationship with an organization using the URL of following would BEST describe this type of attack?

The correct answer is A. Typo squatting. Typo squatting (also called URL hijacking) is an attack where a threat actor registers a domain name that is a common misspelling or slight variation of a legitimate, trusted URL (e.g., 'gooogle.com' instead of 'google.com'). Because the business has a known relationship with the

Threats, vulnerabilities, and mitigations

Question

The business has an established relationship with an organization using the URL of following would BEST describe this type of attack?

Options

  • ATypo squatting
  • BSession hijacking
  • CCross-site scripting
  • DSpear phishing

How the community answered

(46 responses)
  • A
    87% (40)
  • B
    4% (2)
  • C
    2% (1)
  • D
    7% (3)

Explanation

Typo squatting (also called URL hijacking) is an attack where a threat actor registers a domain name that is a common misspelling or slight variation of a legitimate, trusted URL (e.g., 'gooogle.com' instead of 'google.com'). Because the business has a known relationship with the legitimate organization, users are likely to visit that URL regularly. If an employee or customer mistypes the URL, they land on the attacker's malicious site instead. This exploits familiarity and human error. Session hijacking (B) involves stealing an active session token. Cross-site scripting (C) injects malicious scripts into web pages. Spear phishing (D) is a targeted email attack - none of these describe registering a fake lookalike domain.

Topics

#typosquatting#URL spoofing#social engineering#phishing

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice