Cisco Cyber Security Practice Exam

Which of the following best defines phishing?

• A. Verbal deception to extract information
• B. Technical exploitation of vulnerabilities
• C. Fraudulent attempts to obtain sensitive information
• D. Unauthorized access to computer systems

The correct answer is: Fraudulent attempts to obtain sensitive information

Phishing is best defined as fraudulent attempts to obtain sensitive information. This method typically involves deception, where attackers masquerade as trustworthy entities in electronic communications, most commonly through emails, but it can also occur in text messages or social media. The objective is to trick individuals into revealing personal information, such as passwords, credit card details, or social security numbers. The key characteristic of phishing is its reliance on manipulation and impersonation rather than on exploiting technical vulnerabilities or security flaws. It often exploits social engineering principles, playing on the targets' emotions—such as fear or urgency—to prompt them to act quickly without careful consideration. In contrast, other definitions involve different types of security threats: verbal deception refers to social engineering but lacks the electronic component that defines phishing; technical exploitation targets system vulnerabilities rather than manipulating individuals for their data; and unauthorized access to computer systems refers to hacking rather than the specific act of deceit involved in phishing attacks. Each of these options emphasizes different methods or targets within the realm of cybersecurity, but only phishing aligns specifically with the fraudulent acquisition of sensitive information through electronic deception.