220-1102 Practice Question: A user receives an email that appears to be from…

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  Vishing

  Vishing (voice phishing) uses phone calls to trick victims into revealing information. This attack uses email, not voice.

• ✗

  Smishing

  Smishing (SMS phishing) uses text messages instead of email. This attack was carried out via email.

• ✗

  Whaling

  Whaling targets high-profile individuals like executives. While the email could be part of a whaling attack, the description does not specify a target, and the attack method itself is still phishing.

Technical deep dive

How to think about this question

Phishing is a social engineering technique that relies on deception, typically through electronic communication like email, to trick individuals into divulging sensitive information or performing actions that compromise security. In this scenario, the email appearing to be from a bank, coupled with a malicious link leading to a fake login page, perfectly aligns with the definition of a phishing attack. The attacker's goal is to harvest credentials by impersonating a trusted entity, exploiting the user's trust and urgency. The mechanical process involves crafting a convincing email, often with urgency or a threat, and embedding a URL that, when clicked, directs the victim to a fraudulent website designed to mimic the legitimate service. The user, believing they are interacting with their actual bank, unknowingly submits their credentials directly to the attacker. The critical constraint that makes phishing the correct choice here is the method of delivery: an email. This distinguishes it from vishing, which exclusively uses voice communication (phone calls), and smishing, which relies on SMS text messages. While whaling is a type of phishing, it's a more specific form targeting high-value individuals; the question describes the general attack vector (email-based deception for credentials) rather than the specific target's profile. Therefore, 'phishing' is the most accurate and encompassing term for the described attack, as it directly addresses the email-based deceptive tactic used to steal credentials via a fake website.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…