SY0-701 Question #694: Real Exam Question with Answer & Explanation

Question

While updating the security awareness training, a security analyst wants to address issues created if vendors' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?

Options

• ARefrain from clicking on images included in emails from new vendors
• BDelete emails from unknown service provider partners.
• CRequire that invoices be sent as attachments
• DBe alert to unexpected requests from familiar email addresses

Explanation

When a vendor's email account is compromised, attackers send malicious requests from a legitimate, familiar address - making the threat invisible to filters that block unknown senders. Option D directly addresses this: training employees to stay alert to unexpected or unusual requests (e.g., urgent wire transfers, changed payment details) from known contacts is the core defense against Business Email Compromise (BEC).

Why the distractors fail:

• A - Avoiding images in emails from new vendors is too narrow; compromised accounts are existing/familiar ones, not new ones.
• B - Deleting emails from unknown partners doesn't help when the threat comes from a known vendor whose account was taken over.
• C - Requiring invoices as attachments doesn't prevent fraud; attackers can send malicious attachments or legitimate-looking fake invoices just as easily.

Memory tip: Think "familiar face, unfamiliar request" - BEC attacks exploit trust in known senders, so the red flag isn't who sent it, but what they're unexpectedly asking you to do.

No community discussion yet for this question.