Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 187
What is a description of "phishing" as a social engineering attack?
Answer options
- A. Fake Social Security Administration personnel contact random individuals, inform them that there has been a computer problem on their end, and ask that those individuals confirm their Social Security Number, all for the purpose of committing identity theft.
- B. A hacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link.
- C. The attacker focuses on creating a good pretext, or a fabricated scenario, that is used to try and steal victims' personal information.
- D. Someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started.
Correct answer: B
Explanation
Option B is correct because it precisely describes phishing: an attacker masquerades as a legitimate entity to deceive the victim into interacting with malicious content. Option A describes a different type of identity theft scheme, and Option C refers to social engineering tactics but does not specifically mention phishing. Option D outlines a physical security breach rather than a phishing attack.