Register
A security administrator is investigating a report that a user is receiving suspicious emails. The user's machine has an old functioning modem installed. Which of the following security concerns need to
174k views
2 votes
A security administrator is investigating a report that a user is receiving suspicious emails. The user's machine has an old functioning modem installed. Which of the following security concerns need to be identified and mitigated? (Select TWO).

a) Vishing
b) Whaling
c) Spear phishing
d) Pharming
e) War dialing
f) Hoaxing

User Erik Hakobyan
by
5.2k points

1 Answer

2 votes

Answer:

Spear Phishing and War Dialing

Step-by-step explanation:

So let's tackle these one at a time.

Vishing is simply any type of message (i.e., email, text, phone call, etc.) that appears to be from a trusted source but is not.

Whaling is simply a spear phishing attack of a high-value target such as a CEO or someone with high-level access at a company.

Spear phishing is simply a targeted phishing attack, usually towards a specific person or group of people. (Phishing attack is simply a social attack to try and gain unauthorized access to a resource).

Pharming is an attack that attempts to redirect website traffic to a fake site.

War dialing is a technique to automatically scan a list of numbers in an area in attempt to search for exposed modems, computers, board systems, or fax machines, in order to breach the network.

Hoaxing is simply a social attack that describes a serious threat in attempts to retrieve unauthorized access or money from a victim. (Think microsoft tech support scams)

Now that we have defined these things, let's identify the possible threats that need to be reported.

(a) Vishing? The sec admin report doesn't mention the source of the message so we cannot associate this one

(b) Whaling? The sec admin report says a user, implying someone not high up in the company, but doesn't say it's not someone high up. This is possible.

(c) Spear phishing? The sec admin report says a user, implying that only this user is being targeted so this is definitely valid.

(d) Pharming? The sec admin report says nothing about site redirection.

(e) War dialing? The sec admin report doesn't say anything about unauthorized scanning; however, it mentions the user has an old functioning modem, so this is possible.

(f) Hoaxing? The sec admin report doesn't mention a pop up in the email or the content of the email so we are uncertain.

Thus with these considerations, the two threats that are identified and need mitigation are Spear phishing and War Dialing/Whaling. Note that we aren't positive of the war dialing or whaling, but a case could be made for either; however, given the modem information, the question seems to indicate war dialing.

User Tyler Pantuso
by
5.4k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

5.7m questions

7.4m answers

Other Questions

a. STOP: What is a technology habit you practice today that you now realize will not help you to be successful? Explain why it’s important to STOP doing this right now.
Why might the government censor what its citizens see on the internet?
Flash drives cds external disks are all examples of storage (memory) devices
When you select Insert and click on a shape the mouse pointer turns into a/an
What's a qat on a computer
Link Copied!