Exam SY0-701 topic 1 question 6 discussion

Actual exam question from CompTIA's SY0-701
Question #: 6
Topic #: 1

Which of the following scenarios describes a possible business email compromise attack?

  • A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
  • B. Employees who open an email attachment receive messages demanding payment in order to access files.
  • C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
  • D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.
Suggested Answer: C

Comments

lauren2wright
Highly Voted 1 year, 2 months ago
C. In a BEC attack, the attacker typically impersonates a high-ranking executive or authority figure within the organization and requests sensitive information or actions from employees. In this case, the HR director is requesting log-in credentials for a cloud administrator account, which is a classic example of BEC where the attacker seeks to gain access to privileged accounts through deception.
upvoted 31 times
TheMichael
1 year ago
Answer: A. It could be C if there wasn't a better option, but a BEC is about impersonating, and in answer choice C it doesn't specify that someone is acting as HR, whereas A is a better choice because they are clear that someone is being impersonated. Your boss requests documents all the time; they don't need to demand it. The choice is clearly A.
upvoted 13 times
Snooozey
11 months, 2 weeks ago
The best answer is C. The HR Director is not your boss, but someone high in your organization. They are asking for cloud administrator credentials, which has nothing to do with HR, so there is a chance that the director's email account has been compromised and the hacker is now hoping that you will just give in to their request because of the higher rank. In this situation you would follow up with the HR Director in person to determine if they actually made the request and if they really need the credentials for a legitimate reason.
upvoted 6 times
a4e15bd
11 months, 1 week ago
The fact that the email has the executive's name in the display field strongly suggests impersonation, which is a hallmark of BEC. Both A and C involve impersonation, which is central to BEC, with scenario A being a classic BEC because it is specifically leveraging the executive's identity to request gift cards, which is a common BEC tactic.
upvoted 2 times
MistyUnicorn
2 weeks, 6 days ago
A is FED, and C is BEC
upvoted 1 times
Guahan
Most Recent 2 days, 6 hours ago
Selected Answer: C
It states someone in the company is asking for log in credentials.
upvoted 1 times
Kevhack787
6 days, 3 hours ago
Selected Answer: A
A. ✅ "An employee receives a gift card request in an email that has an executive’s name in the display field of the email." Classic BEC: Impersonation of a high-ranking official to trick an employee into buying gift cards.
B. "Employees who open an email attachment receive messages demanding payment in order to access files." This is ransomware, not BEC.
C. "A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account." This is closer to phishing for credential theft, not the typical goal of BEC (which is financial fraud).
D. "An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal." This is also phishing, not BEC.
BEC usually does not involve links or malware—just psychological manipulation.
upvoted 1 times
JT619
1 week, 2 days ago
Selected Answer: A
According to studying and Google: The best answer is A. An employee receives a gift card request in an email that has an executive's name in the display field of the email. Explanation: A Business Email Compromise (BEC) attack often involves impersonating a high-level executive to trick employees into performing actions like purchasing gift cards or transferring funds, and this scenario closely matches that definition.
upvoted 1 times
learnin25
1 week, 3 days ago
Selected Answer: C
compromised
upvoted 1 times
Wagone
1 week, 6 days ago
Selected Answer: C
The correct answer is: C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
Here's why: This scenario most accurately reflects a Business Email Compromise (BEC) attack, which typically involves:
  • Impersonation of a high-level executive or trusted individual.
  • Social engineering tactics to trick employees into transferring money, sharing sensitive information, or credentials.
  • A focus on email-based deception, rather than malware or phishing links.
upvoted 2 times
MistyUnicorn
2 weeks, 6 days ago
Selected Answer: C
Answer A is FED, and C is BEC
upvoted 1 times
1chung
3 weeks, 2 days ago
Selected Answer: C
I go with C
upvoted 1 times
sentinell
3 weeks, 4 days ago
Selected Answer: A
A: An employee receives a gift card request in an email that has an executive’s name in the display field of the email. This is a classic Business Email Compromise (BEC) scenario. BEC attacks often involve impersonating high-level executives—like a CEO or CFO—using spoofed email addresses or display names to trick employees into sending money, gift cards, or sensitive data. These emails typically don’t contain links or attachments, which makes them harder to detect with traditional security tools.
upvoted 1 times
319b362
4 weeks, 1 day ago
Selected Answer: A
Why A is the correct answer: This is a classic and well-documented BEC scenario. The attacker spoofs or impersonates an executive, often using display name tricks. They send a socially engineered request, like asking for gift cards or wire transfers. No links or attachments — just urgent, manipulative language. This matches the FBI’s official definition of BEC: "A scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. It is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques."
upvoted 1 times
Burklton
4 weeks, 1 day ago
Selected Answer: A
A is a classic BEC attack where the attacker impersonates an executive for financial gain (gift cards). C is spear-phishing that also fits within BEC, focusing on credential theft by impersonating an HR director.
upvoted 2 times
analog4ever
4 weeks, 1 day ago
Selected Answer: C
C is the best answer here. BEC is all about the attacker using a compromised account to conduct financial fraud or another type of scam. A is only indicating the email has the executive name in the display field and not necessarily from a compromised account.
upvoted 1 times
Jforged
1 month ago
Selected Answer: A
The best answer is A. This scenario describes a classic Business Email Compromise (BEC) attack known as CEO fraud. In these attacks, a cybercriminal impersonates a high-ranking executive—often using a spoofed email address or just the display name—to trick an employee into taking urgent action, like buying gift cards or wiring money. Let’s quickly break down the others:
- B is more indicative of a ransomware attack, where files are encrypted and payment is demanded.
- C could be a phishing or credential harvesting attempt, but unless the HR director’s identity is spoofed or compromised, it doesn’t fully align with BEC.
- D is a phishing attack using a fake login page, which is common but not specific to BEC.
upvoted 1 times
JotaJoe
1 month ago
Selected Answer: C
A or C coincide with BEC definition (Impersonation of High Officers or HR); A is a typical BEC, C is a sophisticated BEC.
upvoted 1 times
nnamo2
1 month, 1 week ago
Selected Answer: A
It is the only answer that has an attacker impersonating a high executive, so A is the answer.
upvoted 1 times
Sparky80
1 month, 3 weeks ago
Selected Answer: C
A BEC involves a fraudulent email that appears to come from a trusted executive or employee and is used to trick someone into transferring money, sensitive data, or credentials.
upvoted 1 times
fisher004
2 months ago
Selected Answer: C
The correct answer is C. Business email compromise (BEC) is a type of cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company info. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam. It is a type of phishing attack that targets organizations with a view to steal money or sensitive information. The only option where a trusted entity is impersonated and a request for sensitive information is made is C.
upvoted 1 times
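
Added example, not part of any commenter's post: a header-level check for the two situations the thread debates, an executive's display name on an outside address (option A) and a request sent from the director's real mailbox (option C). The directory, domains, term list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory and watch list, assumed for this example.
EXECUTIVES = {
    "dana whitfield": "dana.whitfield@example.com",
    "robin hale": "robin.hale@example.com",
}
SENSITIVE_TERMS = ("gift card", "wire transfer", "credentials", "password")

def bec_indicators(raw_message):
    """Return the sorted BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    hits = set()
    # Display name matches a known executive but the address is not theirs.
    known = EXECUTIVES.get(" ".join(display.lower().split()))
    if known and addr != known:
        hits.add("display_name_mismatch")
    # Replies would be routed to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rpartition("@")[2] != addr.rpartition("@")[2]:
        hits.add("reply_to_domain_differs")
    # No link or attachment is needed: the request itself is the signal.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in SENSITIVE_TERMS):
        hits.add("sensitive_request")
    return sorted(hits)

# Constructed sample: executive display name on an outside address.
SPOOFED = '''From: "Dana Whitfield" <dana.whitfield.ceo@mail.example.net>
Reply-To: dw.office@mailbox.example.org
To: employee@example.com
Subject: Quick favor

Are you at your desk? I need you to buy some gift cards for a client today.
'''

# Constructed sample: sent from the director's real (possibly compromised) mailbox.
FROM_REAL_ACCOUNT = '''From: "Robin Hale" <robin.hale@example.com>
To: servicedesk@example.com
Subject: Access needed

Please send me the log-in credentials for the cloud administrator account.
'''

if __name__ == "__main__":
    print(bec_indicators(SPOOFED))
    print(bec_indicators(FROM_REAL_ACCOUNT))
```

The second sample raises only the content indicator, because mail sent from a genuine mailbox passes every header comparison; that case needs confirmation with the sender through another channel.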
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted