(A) Correct — email spoofing is a real and common technique used in phishing.

(C) Correct — creating urgency ('Your account will be locked!') is a hallmark of social engineering.

(D) Correct — vishing (voice phishing) over the phone is a standard definition.

(B) Incorrect — a matching logo is a tactic attackers use, not evidence of legitimacy.

(D) Incorrect — II alone is not a phishing indicator; it describes what a convincing fake looks like.

(A) A dictionary attack uses a pre-built wordlist, not every possible combination.

(B) Credential stuffing relies on previously breached credentials from other services.

(D) Rainbow tables exploit hash functions with precomputed values, not exhaustive guessing.

(A) Incomplete — Statement II about deepfake audio impersonation is also true.

(D) Incorrect — Statement III is false because AI attacks can execute autonomously.

(A) Incorrect — a DoS attack targets service availability, not the user’s connection.

(C) Incorrect — SQL injection exploits vulnerabilities in web application code on the server side.

(D) Incorrect — ransomware on bank backups is unrelated to the user’s Wi-Fi choice.