Domains 1-2 Sec+

The attack described is phishing, where a hacker sends a malicious link via email to trick the victim into downloading malware. This method exploits social engineering to gain unauthorized access.

Security awareness training is an administrative control that focuses on educating employees about security policies and practices, helping to mitigate risks through informed behavior. The other options are technical controls.

Tactical threat intelligence focuses on immediate threats and provides real-time alerts about current attack trends, helping organizations respond quickly to emerging threats.

A zero-day vulnerability is especially dangerous because it has no available fix at the time of discovery, leaving systems exposed to potential attacks until a patch is developed and deployed.

The NIST Cybersecurity Framework is specifically designed for U.S. government organizations to manage and reduce cybersecurity risk, making it the correct choice over ISO 27001, PCI DSS, and ITIL.

Multiple failed login attempts from different IP addresses suggest a brute force attack, where an attacker tries various passwords to gain unauthorized access. This aligns with the observed behavior.

The attacker exploits a software bug to gain higher privileges, which is known as privilege escalation. This type of attack allows unauthorized users to gain access to restricted areas of a system.

The malware described records keystrokes, which is a characteristic function of a keylogger. Unlike rootkits, ransomware, or worms, keyloggers specifically capture user input to send to an attacker.

SQL Injection is an attack where malicious SQL statements are inserted into a web form, allowing attackers to manipulate or access the database. This distinguishes it from other attacks like XSS, DNS Poisoning, and Session Hijacking.

A VPN encrypts data and secures connections, making it difficult for attackers to intercept communications, thus effectively preventing evil twin attacks. Other methods like WPA2-PSK and MAC filtering do not provide the same level of protection.