
220-802 Question #591: Real Exam Question with Answer & Explanation

The correct answer is A: Phishing.

Question

A user receives an email seemingly from the director of the company's IT department. The user, however, notices that the content of the email is asking for information specifically forbidden to be shared with anyone. This type of interaction is known as which of the following?

Options

  • A. Phishing
  • B. Shoulder surfing
  • C. Malware
  • D. Spyware

Explanation

Phishing is a social engineering attack in which an attacker impersonates a trusted person or organization (in this case, the IT director) to manipulate the victim into revealing sensitive information, credentials, or performing unauthorized actions. The key elements here are: a spoofed/fake sender identity and a deceptive request for restricted information. This is a targeted variant sometimes called 'spear phishing' since it impersonates a specific known individual.

Shoulder surfing (B) involves physically observing someone's screen or keyboard to steal information. Malware (C) is malicious software; no software is involved in this scenario. Spyware (D) is a type of malware that covertly monitors activity; the attack here is entirely social/email-based with no software component.
