Question 1

A penetration tester is hired to assess a company's external security. The tester sends a deceptive email to the HR department claiming to be an applicant, with a malicious attachment designed to harvest credentials. This type of attack is best classified as:

Accepted Answer

Identify the vector (email) and the target (specific department). Email + Targeted = Spear Phishing.

Question 2

What mistakes do candidates make on this CPA question?

Accepted Answer

Calling it generic phishing (usually not an option if Spear Phishing is there) or Whaling (which targets C-suite).

A penetration tester is hired to assess a company's external security. The tester sends a deceptive email to the HR department claiming to be an applicant, with a malicious attachment designed to harvest credentials. This type of attack is best classified as:

How to approach this question

Full Answer

Common mistakes

Practice the full CPA ISC Practice Exam

More questions from this exam