220-1102 Practice Question: A user receives a phone call from someone…

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  Pretexting

  Pretexting is a general social engineering technique where an attacker creates a false scenario, but the specific method used here is over the phone, making 'vishing' the more precise term.

• ✗

  Smishing

  Smishing uses SMS text messages rather than phone calls to deceive victims.

• ✗

  Tailgaiting

  Tailgaiting is a physical security breach where an unauthorized person follows an authorized person into a secure area without proper authentication.

Technical deep dive

How to think about this question

Vishing, a portmanteau of 'voice' and 'phishing,' is a form of social engineering where an attacker uses telephone calls to trick individuals into divulging sensitive information. The attacker typically impersonates a trusted entity, such as IT support, a bank, or a government agency, to establish credibility and urgency. In this scenario, the attacker's claim of a 'critical security issue' and the request for 'login credentials and a verification code' are classic vishing tactics designed to create panic and bypass critical thinking. The key differentiator here is the medium of communication: a direct phone call. The attacker leverages the immediacy and perceived authority of a live voice interaction to manipulate the victim, often employing social engineering principles like urgency, authority, and fear to coerce compliance. The request for a verification code, often a multi-factor authentication (MFA) token, is a sophisticated layer to bypass modern security measures, making the attack more potent once the initial credentials are stolen. This method stands apart from other social engineering techniques primarily due to its reliance on voice communication. While pretexting involves creating a believable false scenario, vishing is the specific *delivery mechanism* of that pretext via phone. Smishing, conversely, uses text messages (SMS) to deliver similar malicious requests, often containing links to fake websites or requests for information directly within the message. Tailgating, on the other hand, is a physical security breach, completely unrelated to digital communication or credential theft, where an unauthorized person gains access to a restricted area by following an authorized individual. The scenario's explicit mention of a 'phone call' unequivocally points to vishing as the precise attack vector, distinguishing it from these other forms.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…