Question 9 - CompTIA Network+ N10-009 Real Exam Questions [Jan 2026 Update]

Q: 9

A junior network administrator gets a text message from a number posing as the domain registrar of the firm. The administrator is tricked into providing global administrator credentials. Which of the following attacks is taking place?

Options

Correct Answer:

Explanation

The attack described is Smishing, which is a portmanteau of "SMS" and "phishing." It is a social engineering attack that uses mobile text messages to deceive victims into providing sensitive information, such as credentials or financial details. In this scenario, the attacker impersonates a legitimate entity (the domain registrar) and uses a text message as the delivery vector to trick the junior administrator into revealing global administrator credentials. This perfectly aligns with the definition of a smishing attack.

Why Incorrect

A. DNS poisoning: This is a technical attack that compromises a Domain Name System (DNS) server to redirect a user's traffic to a malicious site, not a social engineering attack via text.

B. ARP spoofing: This is a Layer 2 attack on a local network that involves sending falsified ARP messages to associate an attacker's MAC address with another host's IP address.

C. Vishing: This is "voice phishing," a social engineering attack conducted over the phone via voice calls, not through text messages as described in the scenario.

References

1. National Institute of Standards and Technology (NIST). (2017). Special Publication 800-63-3: Digital Identity Guidelines. Section 5.2.4

"Phishing

" implicitly covers variants like smishing as a method to solicit authenticator information from a subscriber. The document states

"Phishing is a type of social engineering attack used to steal user data." Smishing is a specific vector for this type of attack. Available: https://doi.org/10.6028/NIST.SP.800-63-3

2. University of Washington

Office of the CISO. (n.d.). Phishing

Vishing

and Smishing. This educational resource defines smishing as "a form of phishing that uses mobile phones as the attack platform. The scammer sends a text message (SMS) in an attempt to get a potential victim to reveal personal information." Retrieved from https://ciso.uw.edu/education/just-in-time-awareness/phishing-vishing-and-smishing/

3. Carnegie Mellon University

Software Engineering Institute (SEI). (2021). Smishing: The Dangers of SMS Phishing. This publication defines smishing as "a form of phishing that uses text messages to trick a target into clicking a malicious link

downloading malware

or sharing sensitive information." This directly corresponds to the attack described in the question. Retrieved from https://insights.sei.cmu.edu/blog/smishing-the-dangers-of-sms-phishing/

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE