May 2023

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Maliah is responding to a security incident where a call center representative was tricked into disclosing his password. The representative went to visit a company website and was redirected to an illegitimate site that looked like the corporate site, but stole his password. What term best describes this attack?

A. Phishing
B. Watering Hole
C. Whaling
D. Pharming

Correct Answer: D

Phishing is a broad term used to describe obtaining user credentials and sensitive data fraudulently, usually through unsolicited email. In this case, the victim was redirected to an illegitimate website, so that wasn't a phishing attack.

A watering hole attack is designed around a website that a particular group visits often. For example, it might place malicious code on a message board visited by employees of a company. Watering hole attacks don't redirect users. So, that's not the correct answer either.

Whaling is a type of phishing aimed at high profile employees. We've already ruled out phishing attacks, so this is another incorrect answer.

This scenario is an example of a pharming attack, where the victim was redirected to an illegitimate site and had their credentials stolen.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...