Dwayne wants to acquire account information from a competitor company, so he sends an illegitimate email to the payroll specialist claiming to be the CEO. What type of security attack would this be?

Prepare for the EC-Council Certified Incident Handler Test with an interactive quiz. Study with flashcards, MCQs, hints, and explanations. Ace your test!

The scenario described demonstrates a classic example of phishing. Phishing is a type of social engineering attack where an individual impersonates a trusted entity—in this case, the CEO—to trick the target into disclosing sensitive information, such as account details.

In phishing attacks, the attacker often creates a sense of urgency or employs a trustworthy persona to manipulate the victim into providing confidential information that they would not normally share. By sending an illegitimate email that supposedly comes from a high-ranking official, Dwayne exploits the authority and recognition of the CEO to gain the trust of the payroll specialist, making it more likely for the specialist to fall for this deception.

The other options are not applicable in this context. Ransomware involves malicious software designed to block access to a computer system until a sum of money is paid. Web application threats refer to vulnerabilities in web applications that can be exploited for data theft or service disruption. IoT threats pertain to attacks targeting Internet of Things devices. None of these categories fits the nature of Dwayne's actions as accurately as phishing does.
