Q: 4
Phishing is what type of Information Security Incident?
Options
Discussion
B matches what you'd see in most official ISO 27001 guides and practice tests on incident types.
Option B, since phishing is classified as a hacker/cracker attack in most ISO/IEC 27001 frameworks. Had something like this in a mock exam - a lot of questions want the "attack type" rather than the legal or vulnerability angle. Pretty sure that's what they're after here. Someone let me know if they see it differently.
B tbh, these ISO questions always feel too focused on attacker angle for phishing.
B imo, phishing counts as a hacker/cracker attack because it's basically social engineering by external attackers. It's not directly a legal or technical vulnerability in ISO 27001 terms. Pretty sure this matches the standard's approach, but open to another view if I missed something.
Pretty sure it's B since phishing is seen as a hacker/attacker issue per the ISO 27001 standard training material. I remember the official guide and some practice tests make a similar distinction. If someone else has different guidance, let me know.
B