220-1102 Practice Question: Spear phishing is a targeted email attack.

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  Vishing

  Vishing (voice phishing) uses phone calls, not email. This attack is email-based.

• ✗

  Tailgating

  Tailgating is a physical security attack where an unauthorized person follows an authorized person into a restricted area. It does not involve email.

• ✗

  Pretexting

  Pretexting involves creating a fabricated scenario (pretext) to obtain information, often via phone or impersonation. While this email uses a pretext, the attack vector is email, making spear phishing more specific.

Technical deep dive

How to think about this question

Spear phishing is a highly targeted form of phishing that leverages specific information about the victim, such as their name, job title, company, or even recent activities, to craft a highly convincing and personalized attack. In this scenario, the attacker has gone beyond a generic mass email by addressing the user by their full name and referencing their correct job title, which significantly increases the email's perceived legitimacy. This personalization makes the recipient more likely to trust the sender and open the malicious attachment, 'Salary_Review_Q1.xlsx', which likely contains malware or a link to a credential harvesting site. The subtle misspelling in the sender's email address ('cornpany.com' instead of 'company.com') is a common tactic used in spear phishing to evade basic spam filters and trick the recipient into overlooking the discrepancy, relying on the overall convincing nature of the personalized content. While pretexting involves creating a fabricated scenario to manipulate a victim, spear phishing specifically refers to the delivery mechanism being a targeted email that uses this pretext. The key differentiator here is the email vector combined with the personalized targeting. Vishing is incorrect because it exclusively uses voice communication, typically over the phone, to execute the attack. Tailgating is a physical security breach, completely unrelated to email-based social engineering. Therefore, given the email-based nature and the use of specific personal details to target the individual, spear phishing is the most accurate classification for this attack.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…