What defense is suggested for highly targeted phishing (whaling)?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Enhance your cyber defense skills with the Security Blue Team Level 1 Test. Prepare with flashcards, multiple choice questions, and detailed explanations to ace your exam!

Multiple Choice

What defense is suggested for highly targeted phishing (whaling)?

Explanation:
Targeted phishing attacks like whaling succeed by exploiting people and the flow of sensitive data. A layered defense that includes data loss prevention, external email marking, and training specifically targets both the technical and human factors involved. DLP helps prevent sensitive information from leaving the organization through email, reducing the potential impact of a successful deception. Marking external emails provides a visible cue that the message did not come from inside the organization, prompting users to verify requests more carefully. Training builds recognition of common whaling tactics—such as impersonation of executives, urgent financial requests, or spoofed sender addresses—and teaches safe verification steps and reporting procedures. Raising firewall rules focuses on network boundaries and may not stop social engineering that arrives through legitimate channels. Offline backups protect against data loss after a breach but don’t prevent the initial manipulation or data exfiltration. Replacing staff is not a realistic or effective security measure.

Targeted phishing attacks like whaling succeed by exploiting people and the flow of sensitive data. A layered defense that includes data loss prevention, external email marking, and training specifically targets both the technical and human factors involved. DLP helps prevent sensitive information from leaving the organization through email, reducing the potential impact of a successful deception. Marking external emails provides a visible cue that the message did not come from inside the organization, prompting users to verify requests more carefully. Training builds recognition of common whaling tactics—such as impersonation of executives, urgent financial requests, or spoofed sender addresses—and teaches safe verification steps and reporting procedures.

Raising firewall rules focuses on network boundaries and may not stop social engineering that arrives through legitimate channels. Offline backups protect against data loss after a breach but don’t prevent the initial manipulation or data exfiltration. Replacing staff is not a realistic or effective security measure.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy