Not A, because A is about an unexpected email from an unknown person. It's not C, because C simply states a verbal request to an admin and anyone can pull that card. I doubt it's D; anyone can receive a WebEx invite. But B for sure picks a high-level target you're the most likely to respond to: HR. I think B is correct.
"B" is correct.
According to the book, Phishing is a social engineering technique. The first listed.
So the question is to identify which alternative is Phishing.
It's B
Social engineering attacks are based on tricking the victim into providing sensitive information or taking an action that is harmful to themselves or their organization. In this case, the attacker is trying to trick the victim into visiting a fake website that looks like the HR website. Once the victim enters their contact information on the fake website, the attacker can steal it.
The other options are not examples of social engineering attacks. Option A is an example of a phishing attack, but it is not a social engineering attack because the attacker is not trying to trick the victim into doing anything. Option C is an example of a legitimate request, and option D is an invitation to a meeting.
The correct answer for an example of a social engineering attack is:
B. receiving an email from human resources requesting a visit to their secure website to update contact information
This example represents a common social engineering technique known as phishing. The attacker impersonates a trusted entity (in this case, human resources) and tricks the recipient into visiting a fraudulent website to update their contact information. The purpose is to deceive the individual into divulging sensitive information or credentials, which can then be exploited for unauthorized access or other malicious purposes.
"B" is correct. Receiving an unexpected email from an unknown person with an attachment from someone in the same company is an example of a phishing email or a malware attack.
Sending a verbal request to an administrator who knows how to change an account password is an example of a legitimate request, assuming the requester is authorized to make the change.
Receiving an invitation to the department's weekly WebEx meeting is an example of a routine business communication and not an attack.
In other dumps this question appears a little different: Which two activities are examples of social engineering?
Which two activities are examples of social engineering? (Choose two)
A. receiving a call from the IT department asking you to verify your username/password to maintain the account
B. receiving an invite to your department’s weekly WebEx meeting
C. sending a verbal request to an administrator to change the password to the account of a user the administrator does know
D. receiving an email from MR requesting that you visit the secure HR website and update your contract information
E. receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same company
Correct Answer: AD
Social Engineering is the key here, I think. Social Engineering implies that an action is taken to obtain information. The only option here that relates to information being obtained is B. A can be a good answer as well; the only thing that does not line up for me is that it only states there is an attachment. This could be a DELIVERY, sure, but of what? An attachment could mean a lot of things. I'm voting for B as it is the only option that refers to information being requested, which is in line with social engineering.
I think B is correct.
Phishing attack definition: A threat actor sends a fraudulent email which is disguised as being from a legitimate, trusted source to trick the recipient into installing malware on their device, or to share personal or financial information.
And in answer B, Human Resources looks legitimate and wants you to share your information.
It's A because B implies the request is from your HR department and doesn't say it's a spoofed email address. The question doesn't have enough information to make an accurate decision, but with the given, A is the better answer.
Not B: normal practice in large companies with HR applications available over web.
Not D: obviously
Why C: who is sending? Even if sent (say one left voicemail because his/her account is blocked), this is a normal case with procedure to follow.
A: Highly possible. The email may look like it is from the company but not be, or a company account could be used. This is what HoxHunt is for.
What are examples of social engineering attacks?
Social engineering attack techniques
Baiting. As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity. ...
Scareware. Scareware involves victims being bombarded with false alarms and fictitious threats. ...
Pretexting. ...
Phishing. ...
Spear phishing.
Community vote distribution
A (35%)
C (25%)
B (20%)