Free ISC2 CC Certified in Cybersecurity Actual Exam Questions - Question 4 Discussion
legitimate source to trick recipients into revealing sensitive information or downloading malware?
This definitely isn’t A, B, or C since those don’t involve fake emails. D fits best because it’s about deceptive emails pretending to be legit. D makes the most sense here.
It’s D because the question focuses on tricking recipients through fake emails, which is classic spear phishing. The other options don’t really involve sending deceptive emails to steal info or spread malware.
D imo. The key part is the fake email pretending to be legit, which points to spear phishing over the others, since the rest don’t really involve that kind of deception.
Maybe D since the key part is the fake email to trick people, and none of the other options really fit. The question just says “malicious email,” so spear phishing seems closest.
Couldn’t it be just phishing, not necessarily spear phishing (D)? Question wording is vague.
It’s definitely not A/B/C since those don’t involve fake emails like D does.
D/C? The question talks about a malicious email pretending to be legit to steal info or spread malware, which fits phishing. A and B don’t fit since DDoS is about flooding and Man-in-the-Middle is intercepting communication. C is about injecting scripts on websites, not emails. So it’s between C and D, but since it’s specifically about emails and tricking recipients, D is the closest even if it doesn’t say targeted or not. Spear phishing usually means targeted, but this question probably just uses it as a general phishing term.
D/C? D fits because it’s about fake emails, but if it involved scripting in emails or websites, C might apply. Still, the question focuses on tricking via emails, so D seems more on point than C.
Maybe D because it’s the only option that clearly involves fake emails to trick people, even if the question doesn’t say it’s a targeted attack. The others don’t really match an email scam.
Maybe D, because none of the other choices involve email scams directly. Even if spear phishing is more targeted, it’s the closest match since it’s about deceptive emails trying to steal info or spread malware.
Isn’t spear phishing usually more targeted? Could this just be general phishing, not listed here?
D imo, since it’s clearly about faking legitimate emails to scam info, which matches spear phishing better than the other attacks focused on network or script exploits.
This is definitely about tricking users via email pretending to be legit, so it rules out A, B, and C pretty clearly. D makes the most sense here.
D, since it’s about fake emails tricking people, fits best here.
Maybe D still fits best because the question talks about a malicious email pretending to be legit, which screams phishing. Options A and C don’t involve emails in that way, and B is more about intercepting communication rather than sending fake emails. So even if it’s not super clear if it’s targeted, spear phishing is the closest match here.
D, but are we sure it's spear phishing and not just general phishing?