Question 25 - SY0-701 discussion

Which of the following scenarios describes a possible business email compromise attack?

A. An employee receives a gift card request in an email that has an executive's name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.
Suggested answer: A

Explanation:

A business email compromise (BEC) attack is a type of phishing attack that targets employees who have access to company funds or sensitive information. The attacker impersonates a trusted person, such as an executive, a vendor, or a client, and requests a fraudulent payment, a wire transfer, or confidential data. The attacker often uses social engineering techniques, such as urgency, pressure, or familiarity, to convince the victim to comply with the request [1][2].

In this scenario, option A describes a possible BEC attack, where an employee receives a gift card request in an email that has an executive's name in the display field of the email. The email may look like it is coming from the executive, but the actual email address may be spoofed or compromised. The attacker may claim that the gift cards are needed for a business purpose, such as rewarding employees or clients, and ask the employee to purchase them and send the codes. This is a common tactic used by BEC attackers to steal money from unsuspecting victims [3][4].

Option B describes a possible ransomware attack, where malicious software encrypts the files on a device and demands a ransom for the decryption key. Option C describes a possible credential harvesting attack, where an attacker tries to obtain the login information of a privileged account by posing as a legitimate authority. Option D describes a possible phishing attack, where an attacker tries to lure the victim to a fake website that mimics the company's email portal and capture their credentials. These are all types of cyberattacks, but they are not examples of BEC attacks.

Reference:

[1] Business Email Compromise - CompTIA Security+ SY0-701 - 2.2
[2] CompTIA Security+ SY0-701 Certification Study Guide
[3] Business Email Compromise: The 12 Billion Dollar Scam
[4] TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy

asked 02/10/2024
Quintin van Rooyen