In a credential harvesting exercise, which scenario would most clearly indicate an attacker collecting credentials through a fake login page?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

In a credential harvesting exercise, which scenario would most clearly indicate an attacker collecting credentials through a fake login page?

Explanation:
Credential harvesting revolves around tricking users into entering their credentials on a page that imitates a legitimate login form. The clearest indicator is a page that asks for both the username and password and is not associated with the real login portal. That combination shows intent to collect credentials directly from the user on a fake site, which is the essence of phishing used to harvest credentials. Why this stands out: capturing both fields on a non-legitimate site is a direct, end-to-end credential grab, whereas the other scenarios are less definitive. A page that requests only the username could be part of other processes and doesn’t capture the password. A page that links to the legitimate portal might still redirect legitimately or be safe depending on context, and a page with no login form clearly isn’t asking for credentials.

Credential harvesting revolves around tricking users into entering their credentials on a page that imitates a legitimate login form. The clearest indicator is a page that asks for both the username and password and is not associated with the real login portal. That combination shows intent to collect credentials directly from the user on a fake site, which is the essence of phishing used to harvest credentials.

Why this stands out: capturing both fields on a non-legitimate site is a direct, end-to-end credential grab, whereas the other scenarios are less definitive. A page that requests only the username could be part of other processes and doesn’t capture the password. A page that links to the legitimate portal might still redirect legitimately or be safe depending on context, and a page with no login form clearly isn’t asking for credentials.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy