220-1102 Practice Question: An employee receives an email that appears to be…

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  Spear phishing

  Spear phishing targets specific individuals or groups with customized messages. The scenario describes a generic HR email, not specifically tailored, so it is general phishing.

• ✗

  Pretexting

  Pretexting involves creating a false identity or scenario to obtain information, often via phone calls. This attack uses email with a fake link.

• ✗

  Pharming

  Pharming redirects users to a fake site by poisoning DNS or altering host files, not by sending deceptive emails.

Technical deep dive

How to think about this question

Phishing is a social engineering technique that involves tricking individuals into divulging sensitive information, such as usernames, passwords, or credit card details, by masquerading as a trustworthy entity in an electronic communication. In this scenario, the email appears to originate from the company's HR department, a seemingly legitimate and authoritative source, and requests the employee to 'verify login credentials' for a 'new payroll system.' The critical element here is the inclusion of a fraudulent link that directs the user to a fake website designed to capture their credentials. This broad, untargeted approach, where the attacker casts a wide net hoping to ensnare multiple victims, perfectly aligns with the definition of general phishing. The email's content, while plausible, is not customized to a specific individual beyond the general employee population, which distinguishes it from more sophisticated attacks. The mechanics of phishing rely on exploiting human trust and urgency. Users are often prompted with a sense of immediate need or consequence if they do not comply, such as 'verify your account now to avoid suspension.' The fraudulent website is typically a convincing replica of the legitimate one, making it difficult for an unsuspecting user to differentiate. This attack differs from spear phishing because it lacks the specific tailoring to an individual or small group; it's a generic HR email sent to a broader audience. Pretexting, on the other hand, usually involves a fabricated scenario or identity to manipulate someone into giving up information, often through direct conversation rather than a deceptive link in an email. Pharming is distinct as it involves redirecting users to a malicious website without their explicit action, often by compromising DNS servers or modifying local host files, rather than through a deceptive email link.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…