220-1102 Practice Question: A user receives an email that appears to be from…

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  The email contains a generic greeting like 'Dear Employee' instead of the recipient's name.

  Generic greetings are common in phishing but can also occur in legitimate mass emails; it is a weak indicator alone.

• ✗

  The email has a few spelling and grammar errors.

  While poor spelling may indicate phishing, professional phishing emails can be well-written; it is not the strongest indicator.

• ✗

  The email is sent from an address that looks similar to the company's HR domain but with a slight misspelling.

  Spoofed addresses are a strong indicator, but the request for credentials is the most direct evidence of phishing intent.

Technical deep dive

How to think about this question

The core concept being tested here is the identification of phishing attempts, specifically recognizing the most critical red flag. Phishing attacks aim to trick users into divulging sensitive information, most commonly login credentials. The most direct and dangerous characteristic of a phishing email is an urgent request for a user's username and password, especially when combined with a threat of negative consequences (like losing benefits) if not acted upon immediately. Legitimate organizations, particularly HR departments, will almost never ask users to click a link in an email and then immediately enter their login credentials directly on a webpage linked from that email. Instead, they would typically direct users to log in through established, known portals or provide information that doesn't require immediate credential entry via an unsolicited link. While other options like generic greetings, spelling errors, or slightly misspelled sender domains are strong indicators of phishing, they are secondary to the direct request for credentials. A generic greeting might be used in a legitimate mass communication, albeit less professionally. Spelling and grammar errors, while common in less sophisticated phishing, are not universal, as many advanced phishing campaigns are well-written. A spoofed or similar-looking sender address is indeed a very strong indicator, but its purpose is to make the user trust the email enough to then act on the malicious request within it. The request for credentials is the ultimate goal and the most definitive sign of malicious intent, as it directly targets the user's security access.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…