220-1102 Practice Question: A user receives an email that appears to be from…

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  Spear phishing

  Spear phishing uses personalized information to target specific individuals or groups. The email in the scenario is generic (IT department announcement) and does not indicate personalization, so it is not spear phishing.

• ✗

  Whaling

  Whaling specifically targets executives or high-profile individuals. The scenario does not identify the user as an executive, so whaling is not indicated.

Technical deep dive

How to think about this question

Phishing is a social engineering attack where an attacker attempts to trick individuals into revealing sensitive information, such as usernames, passwords, or credit card details, by masquerading as a trustworthy entity. In this scenario, the user receives an email that appears to be from the company's IT department, a seemingly legitimate source, and is prompted to click a link to renew their password. This link leads to a fraudulent website designed to mimic the company's actual login portal, a common tactic in phishing to steal credentials. The key characteristic here is the broad, unpersonalized nature of the attack – it's an email that could be sent to many employees, relying on a general sense of urgency and trust in the IT department. The subsequent email from the bank, asking to confirm a large transaction, strongly suggests that the user's credentials or financial information were compromised as a direct result of the initial phishing attack, leading to identity theft. The initial act of deception to obtain credentials is the phishing attack itself. This differs from spear phishing, which would involve a more tailored email, perhaps referencing the user's name, specific project, or department, making it harder to detect. Whaling is even more specific, targeting high-value individuals like CEOs or CFOs, which is not indicated by the scenario. The initial attack's method of obtaining credentials through a deceptive email and fake login page perfectly aligns with the definition of phishing.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…