Phishing attack | Exam Premium

CompTIA Security+ Question E-11

Which of the following is described as an attack against an application using a malicious file?

A. Client side attack
B. Spam
C. Impersonation attack
D. Phishing attack

Answer: A

Explanation:
In this question, a malicious file is used to attack an application. If the application is running on a client computer, this would be a client side attack. Attacking a service or application on a server would be a server side attack.

Client-side attacks target vulnerabilities in client applications interacting with a malicious data. The difference is the client is the one initiating the bad connection. Client-side attacks are becoming more popular. This is because server side attacks are not as

easy as they once were according to apache.org. Attackers are finding success going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients. To defend against client-side attacks keep-up the most current application patch levels, keep antivirus software updated and keep authorized software to a minimum.

CompTIA A+ Core 2 Question F-88

A user receives an unsolicited call from a technician claiming to be from a Microsoft certified partner. The technician tricks the user into allowing them access to their PC because of malware alerts that were being broadcasted. Which of the following attacks is this user a victim of?

A. Shoulder surfing
B. Phishing attack
C. Social engineering
D. Malware infection

Correct Answer: C

Explanation:
http://www.social-engineer.org/

CompTIA A+ Core 2 Question E-7

A computer program that functions normally while quietly installing malicious software on a machine is known as a:

A. DDoS attack.
B. Worm.
C. Phishing attack.
D. Trojan.

Correct Answer: D

Explanation:
http://computer.howstuffworks.com/trojan-horse.htm

CompTIA A+ Core 2 Question A-93

Which of the following explains why it is important to secure Personally Identifiable Information (PII)?

A. So phishing attacks are not launched against employees of the organization.
B. So sensitive information, such as corporate passwords, is not stolen.
C. So man-in-the-middle attacks are not launched against the organization.
D. So sensitive information, such as social security numbers, is not stolen.

Correct Answer: D

CompTIA A+ Core 2 Question A-92

A user, Jane, receives a phone call from the company’s mail administrator who indicates her email account has been disabled due to high volumes of emails being sent in a very short period of time. Which of the following types of attack has the user experienced?

A. Virus infection
B. Man-in-the-middle attack
C. Phishing attack
D. Malware infection

Correct Answer: A