PrepAway - Latest Free Exam Questions & Answers

Which of the following attacks has taken place?

A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on
the user’s host:
Old `hosts’ file:
127.0.0.1 localhost
New `hosts’ file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attacks has taken place?

PrepAway - Latest Free Exam Questions & Answers

A.
Spear phishing

B.
Pharming

C.
Phishing

D.
Vishing

Explanation:
We can see in this question that a fraudulent entry has been added to the user’s hosts file. This will point the
URL: www.comptia.com to 5.5.5.5 instead of the correct IP address.
Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related)
information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail
requests for you to visit spoof Websites which appear legitimate, pharming ‘poisons’ a DNS server (or hosts
file) by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere.
Your browser, however will show you are at the correct Website, which makes pharming a bit more serious and
more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows
the scammers to target large groups of people at one time through domain spoofing.


Leave a Reply