220-802 Question #755: Real Exam Question with Answer & Explanation
The correct answer is A: Phishing.
Question
Options
- A. Phishing
- B. DDoS
- C. Malware
- D. Spoofing
Explanation
Phishing is a social engineering attack in which a threat actor sends a fraudulent email designed to look legitimate, tricking the recipient into clicking a malicious link and entering sensitive credentials (usernames, passwords, credit card numbers, etc.) on a fake website. The scenario described, an unsolicited email urging the user to click a link and log in to change credentials, is the textbook definition of phishing. The goal is to harvest the user's real credentials by mimicking a trusted entity.

DDoS (B) is a volumetric network attack that overwhelms a server with traffic and does not involve emails or credential harvesting. Malware (C) refers to malicious software and is often delivered via phishing but is not the attack itself. Spoofing (D) involves forging a sender's identity (email address, IP, etc.) and is frequently used as a technique within phishing campaigns, but spoofing alone does not describe the full attack scenario presented.