PrepAway - Latest Free Exam Questions & Answers

Select the appropriate attack from each drop down list to label…

Select the appropriate attack from each drop down list to label the corresponding illustrated attack.
Instructions: Attacks may only be used once, and will disappear from drop down list if selected. When you have
completed the simulation, please select the Done button to submit.
Hot Area:

Answer: See the explanation.


10 Comments on “Select the appropriate attack from each drop down list to label…

  1. 1 probably is whaling

    spear phishing. In this
    attack, the social engineer targets the phishing e-mail specifically toward an individual or associated
    group (think “the accounting department of company X”), instead of being generic
    enough to target many people at once. In the phishing e-mail, the attacker will often use
    information that can be linked to the victims, such as personal information the attacker has
    already gathered by some other means.

    Whaling is a variant of phishing, where the social engineer sends the phishing e-mail to a
    high-value target instead of the masses. Usually, whaling attacks target senior executives
    and others in important positions. These types of attacks involve much higher stakes,
    because senior personnel in the organization have information that may be considered
    more critical and of higher value to an attacker. Like phishing, whaling attacks can deliver
    a malicious payload or gather sensitive information.


      1. JohnnyMac says:

        This site ( uses the plural “executives” when describing who is attacked in a Whaling attack, so I think Whaling is probably correct, however it caveats it with:

        “Note: Spear phishing is a phishing attack against someone specific, like an individual or company. Therefore, whaling may also be considered spear phishing.”

        So if all these peeps are in the same company, then Spear Phishing is definitely a plausible answer….


          1. d6a6n6 says:

            I don’t think it has anything to do with individuals or groups.

            I think the key to understanding ‘spear phishing’ is to focus on the attacker versus the target. In ‘spear phishing’ the attacker pretends to be someone the target knows and trusts.

            In ‘whaling’ the target is a specific key figure/s. So whaling can be considered either phishing or spear phishing attacks depending on whether the attacker pretends to be someone who knows the target (phishing) or pretends to be someone the target knows and trusts (spear phishing).

            So I think the answer is ‘whaling’ because it doesn’t mention that the attacker is pretending to be someone the target knows.


        1. blip says:

          With these exam questions it’s a common tactic to throw in a potential answer that is plausible but not the “best” answer. Given that whaling IS a type of Spear Phishing, and the attack vector clearly states the attacker is using confidential information in the attack, the combination of these two facts (attacker using confidential info, to high level execs) IS the textbook definition of Whaling. Never mind that Whaling is a type of Spear Phishing, of the two possibilities Whaling is more accurate.

          Per Wikipedia (almost verbatim what the question describes)
          Whaling. The term whaling has been coined for spear phishing attacks directed specifically at senior executives and other high-profile targets


  2. JohnnyMac says:

    I wouldn’t think so, Emily. Phishing is malicious and this just states that people have opted out of advertisements and they are still receiving them. Like all those ads for crap you get in your inbox (or SPAM folder).


