220-1102 Practice Question: A user receives an email that appears to be from…

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  Spear phishing

  Spear phishing is targeted at a specific individual or group, often using personalized details. The scenario does not mention any personalized information, so this is not the best description.

• ✗

  Vishing

  Vishing (voice phishing) uses phone calls or voicemail, not email. The attack described uses email, so vishing is incorrect.

• ✗

  Tailgating

  Tailgating is a physical security breach where an unauthorized person follows an authorized person into a secured area. This is a digital attack, not physical.

Technical deep dive

How to think about this question

The scenario perfectly illustrates a classic phishing attack, which is a type of social engineering where attackers attempt to trick individuals into divulging sensitive information, such as login credentials, by masquerading as a trustworthy entity. In this case, the attacker impersonates the user's bank via email, creating a sense of urgency and fear (security breach) to prompt immediate action. The fraudulent link directs to a spoofed website designed to mimic the legitimate bank portal, thereby deceiving the user into voluntarily entering their credentials, which are then harvested by the attacker. This method relies on psychological manipulation, exploiting trust and urgency rather than technical vulnerabilities. Phishing is distinguished from other social engineering tactics by its broad, often untargeted nature and its primary use of electronic communication, typically email. While the email might appear legitimate, it lacks the personalized details that would characterize a spear phishing attack, which targets specific individuals with highly customized messages. Vishing, on the other hand, exclusively uses voice communication, such as phone calls or voicemails, to execute similar scams. Tailgating is a completely different category of attack, falling under physical security breaches where an unauthorized person gains access to a restricted area by following an authorized individual. The digital, email-based nature of the described attack, combined with its aim to steal credentials through deception, firmly places it within the definition of phishing.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…