CompTIA Security+ (SY0-601) — Question 375

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:

• The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.
• One of the websites the manager used recently experienced a data breach.
• The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has most likely been used to compromise the manager's corporate account?

Answer options

• A. Remote access Trojan
• B. Brute-force
• C. Dictionary
• D. Credential stuffing
• E. Password spraying

Correct answer: D

Explanation

The most likely attack is Credential stuffing, as the manager reused passwords across multiple sites, making it easy for an attacker to use compromised credentials from a breached site to access the corporate account. The other options, such as Remote access Trojan, Brute-force, Dictionary, and Password spraying, involve different methods of attack that do not align as closely with the scenario described regarding password reuse and data breach exploitation.