(ISC)2 Certified in Cybersecurity Practice Exam

The correct answer describes tactics that involve manipulating individuals into divulging confidential information or performing actions that compromise security. Social engineering encompasses a broad range of deceptive communication methods, where attackers exploit human psychology rather than relying solely on technical vulnerabilities. This can include techniques such as posing as trusted sources, using urgency to prompt immediate actions, and creating a convincing narrative to mislead individuals.

While phishing specifically refers to the practice of sending fraudulent communications that appear to come from a reputable source, primarily via email, social engineering is the overarching concept that can include phishing as one of its methods. Vishing, on the other hand, is a form of social engineering conducted over the phone, while impersonation involves directly claiming to be someone else without necessarily employing a broad range of deceptive tactics. Therefore, the broad scope and variety of methods encompassed within social engineering make it the most accurate term for the tactics described in the question.