Exam SY0-701 topic 1 question 105 discussion

Executive whaling is when the CFO is one being targeted, therefore the answer is C

Answer is C....Social engineering is the practice of manipulating people into performing actions or divulging confidential information, often by impersonating someone else or creating a sense of urgency or trust. The suspicious caller in this scenario was trying to use social engineering to trick the user into giving away credit card information by pretending to be the CFO and asking for a payment. The user recognized this as a potential scam and reported it to the IT help desk. The other topics are not relevant to this situation.

The answer is C - We have to read the question carefully. At the end of the question, it says, "Which of the following TOPICS". The only one that truly qualifies as a "TOPIC" is social engineering. All the others are examples of social engineering.

C: SOCIAL ENGINEERING. The two parties are the IT individual and the CALLER threatening AS IF they were the CFO. Whaling involves ACTULLY targeting the CFO. "IT" is the target.

"executive whaling" is a term used in cybersecurity, referring to a highly targeted phishing attack specifically aimed at high-level executives like CEOs, CFOs, or other senior leaders within an organization, essentially meaning the "whale" in this analogy is the high-value target, the executive with significant access to sensitive information Answer is social engineering. The CFO WAS NOT the target in this scenario

voice phishing is a type of social engineering. executive whaling would only be the case if the CFO was the target receiving the call.

C- SOCIAL engineering The user recognized the topic of social engineering from the security awareness training session. Executive whaling, also known as "whaling," is a specific type of social engineering attack where the attacker impersonates a high-ranking executive. In this scenario, the user identified a social engineering attempt, even if they didn't specify executive whaling.

Correct answer is C. The scenario described is social engineering. As mentioned by other members, "executive whaling" is a form of spear phishing that targets high-profile individuals, like CEOs or CFOs. In this case a regular "user" is the one that received the call a not a high-profile individual.

It is C because someone is pretending to be someone else that would classify as social engineering

someone is pretending to be someone within the company with authority. Social engineering.

Suspicious caller impersonated someone with authority (CFO) to trick the user into providing credit card information. This is a classic example of social engineering, where the attacker exploits trust and urgency to extract sensitive data. The scenario matches the characteristics of a social engineering attack, as it involves manipulating the victim through a phone call rather than using technological methods or digital communication channels.

C. Social Engineering We have to pay attention to the question because they can be very tricky. They didn't specifically target the CFO they simply mentioned the person and said they wanted credit card info. Based on the question that we have the correct answer is C

C. Social engineering Explanation: Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In this scenario, the suspicious caller was attempting to deceive the user into providing credit card information by falsely claiming to be acting on behalf of the Chief Financial Officer. This tactic is a classic example of social engineering, where the attacker uses social manipulation rather than technical hacking methods to obtain sensitive information. It is not D because this is a type of phishing attack that specifically targets high-profile executives (also known as "whales") to steal sensitive information. While the scenario does involve the mention of a high-ranking executive, it is broader in scope and fits under the general category of social engineering rather than a specific whaling attack through email.

How I understand it is Whaling is when they impersonate an executive, executive whaling is when they target an executive (spearfishing in a sense), and social engineering is a broad form of trickery to deceive whoever the target is (not specific) to divulge information.

In CompTIA's lessons for 701, the only reference I could find for "whaling" is a definition of "targeting employees that have influential roles." I'm going with C. Social engineering

C Whaling is send email to the Ceo

It has to be C because the caller is stating the CFO wants the information, he is not saying he is the CFO.. also the term is whaling, not executive whaling