An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
While "C. Impersonating" is indeed part of the attacker's actions, it's a more generic term for assuming someone else's identity. In this specific scenario, the attacker is using vishing (voice phishing) to impersonate the Chief Executive Officer (CEO) over the phone, which is a type of social engineering attack where the voice is used to manipulate the employee into buying gift cards. So, "D. Vishing" more accurately describes the specific technique being employed in this situation.
My first thought was C, impersonating, but the attack was done over the phone, so Vishing, would take precedence. If this attack was done through written communication like text or email, then it would fall under impersonation.
COMPTIA Study Guide says:
Impersonation simply means pretending to be someone else. It is one of the basic
social engineering techniques. Impersonation can use either a consensus/liking or
intimidating approach. Impersonation is possible where the target cannot verify the
attacker's identity easily, such as over the phone or via an email message.
HOW ABOUT THIS QUESTION GUYS ??
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
A. Smishing
B. Disinformation
C. Impersonating
D. Whaling
CEO fraud: Typically perpetrated through email or electronic communication, with the attacker impersonating a high-ranking executive.
Vishing: Involves voice communication, such as phone calls, with the attacker impersonating someone from a trusted organization.
The correct answer is whaling. Whaling is a phishing attack that targets high-profile people by impersonating them. The answer is not listed here but listed in my dump! The best option would be C
Vishing, short for "voice phishing," is a social engineering technique in which attackers use phone calls to trick individuals into providing sensitive information or taking unauthorized actions. In this case, the attacker is using a phone call to impersonate the CEO and manipulate the employee into purchasing gift cards, which is a common tactic in vishing attacks.
If you think about it vishing almost always uses a form of impersonation. I mean what other tactic could you use with vishing. You call someone and you claim to be an IT support, CEO, etc. These are the methods that vishing is using to get the victim, but the attack at the base is vishing.
C. Impersonating (or impersonation)
An impersonation attack uses vishing as a form of attack. If the phone call was just a vishing attack, I don’t think the question would have included the CEO.
Seems like it can be either C or D... My question, how precise and evil is Comptia?? If you look at the objectives for this exam, 1.1 includes both Vishing and Impersonation... see that second word "Impersonation"... NOT "Impersonating". So, if they are trying to fool you into picking the wrong one, seems like spelling "Impersonating" as they did could be the "trick" they are playing on us. I'm going to Vishing, though I will admit, I am not positive. But, I don't trust Comptia. They are assholes that write those questions!
The attacker is using Option D: Vishing.
Vishing, or voice phishing, is a form of social engineering where an attacker uses the telephone system to trick the victim into providing private information. In this case, the attacker is posing as the Chief Executive Officer and instructing the employee to buy gift cards, which is a common tactic used in vishing attacks.
The attacker is using D. Vishing.
Vishing is a type of social engineering attack where the attacker uses the phone to pose as a legitimate entity and trick the victim into revealing sensitive information or performing certain actions. In this case, the attacker is posing as the CEO and instructing the employee to buy gift cards.
The attacker in this scenario is using "Vishing" (Option D). Vishing stands for "voice phishing," and it involves a social engineering attack where an attacker makes phone calls, impersonates someone they are not, and tries to manipulate the victim into revealing sensitive information or taking specific actions, such as purchasing gift cards. In this case, the attacker is posing as the CEO and attempting to trick the employee over the phone.
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
DashRyde
Highly Voted 1 year, 9 months agoCisco103
Highly Voted 1 year, 9 months agomemodrums
1 year, 4 months ago31f71c4
1 year, 1 month agoJasonMunoz
Most Recent 11 months, 3 weeks agoxBrynlee
1 year agoshady23
1 year, 2 months agojerseydude
1 year, 1 month agodurel
1 year, 2 months agoAbdullahMohammad251
1 year, 2 months agoGeronemo
1 year, 2 months agomikzer
1 year, 3 months ago5e7a5bb
1 year, 3 months agoekiel
1 year, 4 months agosubaie503
1 year, 4 months agosubaie503
1 year, 4 months ago6de42b3
1 year, 2 months agoTM78
1 year, 4 months agohyabasa
1 year, 5 months agoPetercx
1 year, 7 months agoHCM1985
1 year, 3 months agokonami007
1 year, 8 months agoYarzo
1 year, 8 months ago