Prepare for the CompTIA PenTest+ Exam with our comprehensive materials. Test your knowledge with flashcards and multiple-choice questions, complete with explanations and hints. Achieve exam success!



What is the term for a form of elicitation where an attacker impersonates a high-level executive?

  1. Spear phishing

  2. Business email compromise (BEC)

  3. Whaling

  4. Pretexting

The correct answer is: Business email compromise (BEC)

The term that describes a form of elicitation where an attacker impersonates a high-level executive is business email compromise (BEC). This tactic involves the fraudulent attempt to obtain sensitive information or unauthorized transfers of funds by pretending to be a trusted person, particularly someone in a position of authority, like an executive within a company. Attackers utilize sophisticated social engineering techniques to gain the confidence of their targets, often by researching executives and their communication styles to craft convincing emails that appear legitimate.

Spear phishing is a targeted attempt to steal sensitive information from a specific individual or organization by masquerading as a trusted entity, but it does not exclusively involve impersonating an executive.

Whaling is a specific type of phishing aimed at high-profile individuals, often similar to BEC but typically focused on individuals at the very top of an organization, such as CEOs.

Pretexting, while related to deception and manipulation, is a broader term that refers to creating a fabricated scenario to obtain information and does not specifically denote impersonation of executives in the context of business email communications.

Thus, BEC encompasses the specific scenario of impersonating an executive for malicious purposes.