SY0-501 Question #335: Real Exam Question with Answer & Explanation
The correct answer is D: Spear phishing. The described scenario, where an employee receives a targeted email impersonating the CEO to request sensitive data, is a classic example of a spear phishing attack.
Question
An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring?
Options
- A. Policy violation
- B. Social engineering
- C. Whaling
- D. Spear phishing
Explanation
The described scenario, where an employee receives a targeted email impersonating the CEO to request sensitive data, is a classic example of a spear phishing attack.
Common mistakes.
- A. A policy violation refers to a breach of internal organizational rules or guidelines by an employee, not an external attack method attempting to extract information.
- B. Social engineering is a broad category of attacks that manipulate people, and while spear phishing is a form of social engineering, 'spear phishing' is a more specific and accurate description of this particular attack type.
- C. Whaling is a specific type of spear phishing that exclusively targets high-profile individuals within an organization, such as the CEO or CFO, rather than an employee being targeted by someone impersonating the CEO.
Concept tested. Identifying targeted phishing attacks (spear phishing)
Reference. https://learn.microsoft.com/en-us/microsoft-365/security/defender/what-is-phishing