Easy · 1 mark · Multiple Choice
CPA · Question 21 · Area II: Security
A penetration tester is hired to assess a company's external security. The tester sends a deceptive email to the HR department claiming to be an applicant, with a malicious attachment designed to harvest credentials. This type of attack is best classified as:
Answer options:
A. SQL Injection
B. Spear Phishing
C. Cross-Site Scripting (XSS)
D. Man-in-the-Middle
How to approach this question
Identify the vector (email) and the target (specific department). Email + Targeted = Spear Phishing.
Full Answer
B. Spear Phishing (Correct)
Phishing is a social engineering attack. When targeted at a specific individual or department (like HR), it is called Spear Phishing.
Common mistakes
Calling it generic phishing (usually not an option if Spear Phishing is there) or Whaling (which targets C-suite).