Exam PT0-001 topic 1 question 74 discussion

Actual exam question from CompTIA's PT0-001
Question #: 74
Topic #: 1

An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login credentials. Which of the following types of attacks is this an example of?

  • A. Elicitation attack
  • B. Impersonation attack
  • C. Spear phishing attack
  • D. Drive-by download attack
Suggested Answer: A
Reference:
https://www.social-engineer.org/framework/influencing-others/elicitation/

Comments

Dave1212
Highly Voted 4 years, 2 months ago
C. Spear phishing attack. Sending mail targeting CEO.
upvoted 6 times
mdmdmd
4 years, 1 month ago
He wants to obtain the login credentials...I say the elicitation attack is correct...I mean it's a collection of techniques
upvoted 2 times
phorpiex
Highly Voted 4 years ago
Definitely C, would go for whaling should it be a choice.
upvoted 5 times
miabe
Most Recent 3 years ago
Selected Answer: C
looks good to me
upvoted 1 times
baybay
3 years, 4 months ago
Selected Answer: C
C. Spear phishing. They are going after a specific person. Specific target = spear and email = phishing.
upvoted 1 times
Cock
3 years, 4 months ago
It was on the exam
upvoted 2 times
[Removed]
3 years, 10 months ago
Sybex practice chapter 3 question 189 C. The Social Engineer Toolkit (SET) provides a framework for automating the social engineering process, including sending spear phishing messages, hosting fake websites, and collecting credentials. Social engineering plays an important role in many attacks. SET is a menu-driven social engineering attack system. In this scenario, the penetration tester is attempting a spear phishing attack.
upvoted 3 times
CapCrunch
4 years ago
It's C. It doesn't fit the profile of an elicitation attack. "Elicitation is the strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information. Elicitation attacks can be simple or involve complex cover stories, planning, and even co-conspirators." Source: https://www.redteamsecure.com/blog/5-effective-social-engineering-elicitation-techniques
upvoted 4 times
versun
4 years ago
Definitely C
upvoted 4 times
DrChats
4 years ago
I'm leaning towards B
upvoted 2 times
nonyabiz
4 years ago
Spear phishing: This is a phishing attack, irrespective of medium, that is crafted to target a specific person or group of people. Straight out of the CompTIA PenTest+ book.
upvoted 1 times
boooliyooo
4 years ago
https://www.redteamsecure.com/blog/5-effective-social-engineering-elicitation-techniques (Quote) "That is to say, elicitation is the strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information." There is no physical contact in this question and it makes use of the email medium. C is the answer.
upvoted 2 times
rohog
4 years, 1 month ago
I like B. Going after the CEO is a Whaling attack. Setting up a duplicate website is an impersonation attack. Usually, impersonation refers to targeting people in a social engineering attack, but it can also refer to systems - see Website Impersonation. https://bewica.com/blog/website-impersonation-best-practice
upvoted 2 times
x0hmei
4 years, 1 month ago
B does sound more like it, C and D are def wrong. A if you look up Elicitation it clearly says obtaining information indirectly via HUMAN CONTACT not via written so B seems to be more correct.
upvoted 2 times
catastrophie
4 years, 1 month ago
C is the correct answer. Spear Phishing is an email that can be directed to a specific individual or organization or business. Impersonation could have been an option if they had said the attacker made a copy of the web mail portal and sent an email to the CEO posed as a help desk technician.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other