220-1102 Practice Question: A user receives an email that appears to be from…

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  Phishing

  Phishing typically refers to mass, untargeted emails sent to many people, often with generic content. This email is specifically directed at the user and impersonates the CEO, making it targeted.

• ✗

  Whaling

  Whaling is a type of spear phishing that specifically targets senior executives. In this case, the target is an employee, not the CEO themselves.

• ✗

  Vishing

  Vishing (voice phishing) is conducted over the phone, not via email. This attack uses email, so it is not vishing.

Technical deep dive

How to think about this question

Spear phishing is a highly targeted form of social engineering where an attacker crafts a message, often an email, to appear as if it comes from a trusted or known source to a specific individual or small group. The key differentiator here is the personalization and the specific target. In this scenario, the email is not a generic blast but is directed at a particular user, impersonating their CEO, and even includes a slightly altered but recognizable email address. This level of customization, designed to exploit the recipient's trust and sense of urgency, is characteristic of spear phishing. The attacker has likely done some reconnaissance to understand the company structure and the relationship between the CEO and employees, making the attack more believable and increasing the chances of success. The goal is to manipulate the user into performing an action, such as purchasing gift cards, that benefits the attacker. This differs significantly from general phishing, which typically involves broad, untargeted emails with generic content sent to a large number of recipients, hoping some will fall for it. While whaling is also a targeted attack, it specifically targets high-value individuals like CEOs or CFOs themselves, whereas here, the CEO is being impersonated to target a regular employee. Vishing, on the other hand, is entirely different as it relies on voice communication, usually over the phone, to trick victims, which is not the medium used in this email-based attack. The slight email address discrepancy is a common tactic in spear phishing to make the email seem legitimate at first glance while still being controlled by the attacker.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…