Exam PT0-002 topic 1 question 221 discussion

The MOST correct answer to describe this attack is: A. Credential harvesting Credential harvesting is the act of tricking users into revealing their login credentials, often through phishing emails or fake login pages. In this case, the penetration tester is attempting to steal employees' cloud mail login credentials by creating a fake login page that appears legitimate.

Password spraying is a technique used to try guess a user's password by using a list of commonly used passwords. The list is usually generated from publicly available sources or from other data breaches. The attacker makes multiple attempts at a single user account with different passwords in an attempt to gain access. It is a common attack vector for criminals and should be guarded against with strong password creation and regular monitoring of accounts.

Credential harvesting involves using a variety of tactics including phishing, malware, bruteforce attacks, keylogging, and more. These tactics are used to acquire usernames, passwords, financial information, and other sensitive data that can be used to gain access to accounts or other information. As such, it is important to practice good online safety habits, such as strong password creation and monitoring of accounts.

The penetration tester created a fake login page to trick the company's employees into entering their email credentials, which were then harvested by the tester. This type of attack is commonly referred to as phishing, and it is a common tactic used by attackers to gain access to sensitive information.

A is correct