CompTIA
220-802 Question #136: Real Exam Question with Answer & Explanation
The correct answer is A: Social engineering. Social engineering is the manipulation of people into divulging confidential information or performing actions by exploiting trust, which is exactly what this phone-based impersonation describes.
Question
A user receives a phone call from a person claiming to be from technical support. This person knows the user's name and that the user has Windows installed on their computer. The technician directs the user to open Event Viewer and look at some event log entries to demonstrate the effects of a virus on the computer. The technician also asks the user for their user ID and password so that they can clean the computer. This is an example of which of the following security threats?
Options
- A. Social engineering
- B. Phishing
- C. Malware
- D. Virus
Explanation
Social engineering is the manipulation of people into divulging confidential information or performing actions by exploiting trust, which is exactly what this phone-based impersonation describes.
Common mistakes.
- B. Phishing specifically refers to deceptive emails or websites designed to harvest credentials, not phone-based impersonation attacks.
- C. Malware is malicious software installed on a system; no software is involved in this phone-based credential theft scenario.
- D. A virus is a specific type of self-replicating malicious code; the attacker is fabricating a virus threat as a pretext, not actually deploying one.
Concept tested. Social engineering via impersonation and pretexting
Reference. https://learn.microsoft.com/en-us/security/compass/human-operated-ransomware