Someone claiming to be from a tax agency sent an email to a team member asking for access to the project repository. Which of the following BEST describes this scenario?
Someone reaching out to you and claiming to be someone they aren't in order to get information is, at its core, social engineering. So while it is also technically a Phishing attempt, the DNA of this attack is social engineering.
(Best Answer) B: Phishing
There is a social engineering style referred to as pretexting, where the attacker builds a believable story (pretext) to manipulate the target. The phrasing of this question COULD MISLEAD a person to think that answer A (social engineering) is correct. HOWEVER, pretexting involves direct interaction (such as phone calls or in-person deception).
While the attacker here is impersonating an authority (a tax agency), the lack of direct interaction and the use of email classify it as phishing rather than pretexting.
PHISHING IS AN EMAIL-BASED ATTACK, and not all phishing attempts center upon deceiving a recipient to click a malicious link. The core element of phishing is use of email as the medium, so B (phishing) is the BEST answer.
Wouldn't this be B considering social engineering is a much more broad term that includes other methods . While phishing is the specific attack being used
A. Social Engineering.
Here's why:
Social engineering: This involves manipulating people to gain access to sensitive information or systems. In this case, the impersonation of a tax agency official and the attempt to gain access to the project repository through a team member suggest this tactic.
Phishing: While phishing often involves emails, its goal is typically to lure the recipient into clicking malicious links or attachments to steal their credentials. Here, the focus is directly on gaining access through trust and impersonation, not a malicious link.
Spoofing: This involves forging data to make it appear authentic. While the email might involve spoofing the tax agency email address, it's the social engineering aspect of impersonation that's more prominent.
Hacking: This involves technical methods to exploit vulnerabilities in systems. While this scenario could involve a hacker trying to exploit human behavior, the social engineering aspect takes precedence here.
Initially Chat GPT agreed with me in saying B. Phishing, but after supplying your response it changed its mind to A.
However, I think this will be a 'weighted' question or I would hope it is. A and B are too similar I think Comptia makes these situations on purpose to be annoying. Nonetheless, B is probably "More" right.
upvoted 2 times
...
...
This section is not available anymore. Please use the main Exam Page.PK0-005 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
57d6284
2 months, 2 weeks ago95d3b92
2 months, 3 weeks ago044f354
3 months agoRumchata556
7 months, 1 week agoTheFai
7 months, 3 weeks agoTylerC
7 months, 3 weeks ago12any
8 months agojxh5337
8 months agoutied
9 months agoAdmiralGimme
7 months, 2 weeks ago