CompTIA Security+ (SY0-501) — Question 77

An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users.
Which of the following types of attack is MOST likely occurring?

Answer options

• A. Policy violation
• B. Social engineering
• C. Whaling
• D. Spear phishing

Correct answer: D

Explanation

The correct answer is D, spear phishing, as it specifically involves targeted attacks that impersonate high-level individuals to deceive employees into divulging sensitive information. While whaling (C) also targets high-ranking individuals, spear phishing is a broader term that includes the impersonation aspect. Social engineering (B) is a general tactic used in many attacks, and policy violation (A) does not describe an attack method.