CompTIA Security+ (SY0-601) — Question 179

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

Answer options

• A. A spear-phishing attack
• B. A watering-hole attack
• C. Typo squatting
• D. A phishing attack

Correct answer: B

Explanation

The correct answer is B, a watering-hole attack, where the attacker infects a site that the victims are known to visit. Spear-phishing (A) targets individuals via email, typo squatting (C) involves creating similar domain names to trick users, and phishing (D) is a broader term for misleading users into giving up information, none of which involve compromising a commonly visited site like in a watering-hole attack.