正解:B
A spear phishing attack is a highly targeted email-based attack where an attacker impersonates a trusted individual (e.g., the CEO) to trick recipients into providing sensitive information.
* In this scenario, an intruder posed as the CEO and deceived payroll staff into sharing employees' private tax information.
* Spear phishing is more targeted than general phishing, often using personal details to make the fraudulent request seem legitimate.
* A. Boundary attack. (Incorrect)
* A boundary attack refers to attempts to breach an organization's network perimeter defenses, such as firewalls and intrusion detection systems.
* This scenario describes a social engineering attack, not a technical boundary attack.
* B. Spear phishing attack. (Correct)
* Spear phishing attacks are highly personalized email attacks, usually targeting specific employees within an organization.
* Attackers research their targets and use realistic messages to trick them into divulging sensitive data.
* This fits the scenario, as the attacker impersonated the CEO to steal tax information.
* C. Brute force attack. (Incorrect)
* A brute force attack involves systematically guessing passwords to gain unauthorized access to systems.
* This attack was based on deception, not password cracking.
* D. Spoofing attack. (Incorrect, but closely related)
* Email spoofing is a technique where an attacker falsifies the sender's email address.
* While spear phishing often includes spoofing, the broader technique used here is spear phishing, as it involved social engineering and deception.
* IIA GTAG 16 - Security Risk: IT and Cybersecurity discusses phishing and social engineering threats, emphasizing internal controls to mitigate them.
* IIA Standard 2120 - Risk Management highlights the need for risk assessments in cybersecurity, including employee awareness training for phishing attacks.
* National Institute of Standards and Technology (NIST) Special Publication 800-61 classifies spear phishing as a high-risk cyber threat to organizations.
Explanation of Answer Choices:IIA References: