Exam 220-1002 topic 1 question 9 discussion

D spear fishing Note: Took and passed the Core2 exam today. Only about 20% of all the sample test questions were on my exam. Had 77 questions for 90 minutes (about 1:20 per question). Had to go slow because I had to think hard about each of the 55 or so questions I'd never seen before. Didn't have time to answer every question. Exam ended and I had 4 questions unanswered. Ran out of time. Be sure not to pause too long to ponder correct answer.

bro, this question is trash

this question is to broad for the answers, they all are used to obtain personal information i would eliminate A since it didnt mention any high profile individual, B also is no since it say anything about pretending to be someone to obtain information, C is just faking information to obtain information so answer is D

the question focuses on "threats using personalized info in an attempt to obtain info"- the answer should be D- spear phishing Whaling - is a narrow attack on higher ups of a corporation like CEO's- which possibly can be true Impersonation - this is someone that is trying to trick you to perform something for them, like a Microsoft agent- giving them access to your computer spoofing- an example of this is tricking someone in believing a website or phone number is legit when it is not, it is not trying to use "personalized info" to obtain info. Spear Phishing is an attempt to do research on you (using personalized information) in an attempt to obtain info. per Professor Messer: "They’re going after a very specific person or very specific group of people to be able to gather the information that they need"-which is 100% true

Phishing > Spear phishing > Whaling (Whaling) is a specific type of (spear phishing), targets high ranking victims within a company. (spear phishing) is a specific type of (phishing), that target individuals. (phishing) a term that covers any type of attack that try to fool a victim into taking som action and it does not have a specific traget. Source : https://searchsecurity.techtarget.com/

Phishing > Spear phishing > Whaling (Whaling) is a specific type of (spear phishing), (spear phishing) is a specific type of (phishing). (phishing) a term that covers any type of attack that try to fool a victim into taking som action and it does not have a specific traget. Source : https://searchsecurity.techtarget.com/

The difference between them is primarily a matter of targeting. Phishing emails are sent to very large numbers of recipients, more or less at random, with the expectation that only a small percentage will respond. ... Spear phishing emails are carefully designed to get a single recipient to respond.

personalized information of the victim is used in both impersonation and spoofing, the issue that makes these not to be the exact answers is their next purpose is attack not to gain more information. In spear phishing one may pretend to be a ligitimate sender and also may use the victim's personal information inorder to convince to get more information. Thus I finaly incline to choose D.

In the case of spear phishing, the source of the email is likely to be an individual within the recipient's own company -- generally, someone in a position of authority -- or from someone the target knows personally.

Stolen personal information can be used to harm companies In addition to the personal problems stolen data can cause, it can also damage companies. With stolen data criminals can target company personnel to give sensitive information or to trick them to make payments. Such phishing attacks targeted against a specific individual are called spear-phishing. Criminals can also try to gain access to company networks to spy on them and infect them with malware.

this is correct. Whaling is for CEO type upper management.

Its "personalized" assumes that they know info about you

id go with spear phishing, "threat"

I thought it could be impersonation also, but I'm leaning more towards "spear phishing" now. It can't be whaling tho. This is from Prof. Messer's notes: Spear phishing • Phishing with inside information • Makes the attack more believable • Spear phishing the CEO is “whaling”

Spear and Whale phishing is using a user's information to obtain more information. BUT it is an attack, that uses spoofing techniques. The attacker already has some information about you, and it is personalized towards you. Phishing - Obtaining user authentication or financial information through a fraudulent request for information. Phishing is specifically associated with emailing users with a link to a fake site (or some other malware that steals information they use to try to authenticate). Whaling - A form of phishing that targets individuals who are known or are believed to be wealthy. Spoofing - Where the attacker disguises their identity. Some examples include IP spoofing where the attacker changes their IP address or phishing where the attacker sets up a false website.

its neither of them its actually spoofing because its using personalized information to become someone they are not in order to get information

A - Whaling is personalized https://blog.emsisoft.com/en/32736/phishing-vs-spear-phishing-vs-whaling-attacks/