C. In a BEC attack, the attacker typically impersonates a high-ranking executive or authority figure within the organization and requests sensitive information or actions from employees. In this case, the HR director is requesting log-in credentials for a cloud administrator account, which is a classic example of BEC where the attacker seeks to gain access to privileged accounts through deception.
Answer: A.
It could be C if there wasn't a better option, but a BEC is about impersonating, and in the answer choice C it doesn't specify that someone is acting as hr, whereas A is a better choice because they are clear that someone is being impersonated. Your boss requests documents all the time, they don't need to demand it. The choice is clearly A.
The best answer is C. The HR Director is not your boss, but someone high in your organization. They are asking for cloud administrator credentials, which has nothing to do with HR, so there is a chance that the directors email account has been compromised and the hacker is now hoping that you will just give in to their request because of the higher rank. In this situation you would follow up with the HR Director in person to determine if they actually made the request and if they really need the credentials for a legitimate reason.
The fact that the email has the executive's name in the display field strongly suggest impersonation which is a hallmark of BEC. Both A and C involve impersonation which is central to BEC with scenario A being a class BEC because it is specifically leveraging the executives identity to request gift card which is a common BEC tactic.
The correct answer is:
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
Here's why:
This scenario most accurately reflects a Business Email Compromise (BEC) attack, which typically involves:
Impersonation of a high-level executive or trusted individual.
Social engineering tactics to trick employees into transferring money, sharing sensitive information, or credentials.
A focus on email-based deception, rather than malware or phishing links.
A: An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
This is a classic Business Email Compromise (BEC) scenario. BEC attacks often involve impersonating high-level executives—like a CEO or CFO—using spoofed email addresses or display names to trick employees into sending money, gift cards, or sensitive data. These emails typically don’t contain links or attachments, which makes them harder to detect with traditional security tools.
Why A is the correct answer:
This is a classic and well-documented BEC scenario.
The attacker spoofs or impersonates an executive, often using display name tricks.
They send a socially engineered request, like asking for gift cards or wire transfers.
No links or attachments — just urgent, manipulative language.
This matches the FBI’s official definition of BEC:
"A scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. It is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques."
A is a classic BEC attack where the attacker impersonates an executive for financial gain (gift cards).
C is spear-phishing that also fits within BEC, focusing on credential theft by impersonating an HR director.
C is the best answer here. BEC is all about the attacker using a compromised account to conduct financial fraud or other type of scam. A is only indicating the email has the executive name in the display field and not necessarily from a compromised account.
The best answer is A.
This scenario describes a classic Business Email Compromise (BEC) attack known as CEO fraud. In these attacks, a cybercriminal impersonates a high-ranking executive—often using a spoofed email address or just the display name—to trick an employee into taking urgent action, like buying gift cards or wiring money.
Let’s quickly break down the others:
- B is more indicative of a ransomware attack, where files are encrypted and payment is demanded.
- C could be a phishing or credential harvesting attempt, but unless the HR director’s identity is spoofed or compromised, it doesn’t fully align with BEC.
- D is a phishing attack using a fake login page, which is common but not specific to BEC.
A BEC involves a fraudulent email that appears to come from a trusted executive or employee and is used to trick someone into transferring money, sensitive data, or credentials.
The correct answer is C.
Business email compromise (BEC) is a type of cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company info. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam. It is a type of phishing attack that targets organizations with a view to steal money or sensitive information.
Only option where a trusted entity is impersonated and a request for sensitive information is made is C.
This scenario describes a Business Email Compromise (BEC) attack:
BEC attacks typically involve impersonating a trusted figure in the organization (like a CEO or executive).
The attacker spoofs the display name to make the email look legitimate.
These emails often ask for urgent actions such as wiring money, sending sensitive data, or purchasing gift cards.
They usually don't involve attachments or obvious malware — just social engineering.
A Business Email Compromise (BEC) is a targeted social engineering attack where the attacker impersonates a company executive or high-level employee (like a CEO or CFO) to trick an employee—often in finance or HR—into:
-Sending money (e.g., wiring funds or buying gift cards)
-Disclosing sensitive information
-Changing payment account details
✅ Why A is correct:
The attacker spoofs the executive’s name in the “From” field, attempting to trick the employee into acting quickly without verifying the request.
Gift card scams are a common variant of BEC, especially those pretending to be from executives asking assistants or finance staff to urgently buy cards.
Option | Scenario | Type of Attack
A | Impersonates an executive asking for gift cards | ✅ BEC attack (common tactic)
B | Ransom message after opening an attachment | ❌ Ransomware, not BEC
C | Credential theft request from HR director | ❌ Phishing or Social Engineering, but not necessarily BEC
D | Link to a fake email login portal | ❌ Phishing, not BEC
For those answering A, this attack doesn't necessarily need to come from an internal address. Although it can in some cases, in quite a few cases the attack originates from a freemail user that changed their display name to match the display name of a C level or other executive. Option C is the only one (as of April 18, 2025) that could originate from inside the organization that fits the bill.
This section is not available anymore. Please use the main Exam Page.SY0-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
lauren2wright
Highly Voted 1 year, 2 months agoTheMichael
11 months, 4 weeks agoSnooozey
11 months, 1 week agoa4e15bd
11 months agoMistyUnicorn
1 week, 5 days agoWagone
Most Recent 5 days, 8 hours agoMistyUnicorn
1 week, 5 days ago1chung
2 weeks, 1 day agosentinell
2 weeks, 3 days ago319b362
3 weeks agoBurklton
3 weeks agoanalog4ever
3 weeks, 1 day agoJforged
3 weeks, 6 days agoJotaJoe
4 weeks agonnamo2
4 weeks, 1 day agoSparky80
1 month, 2 weeks agofisher004
1 month, 3 weeks agoJon_Million
2 months agoEkim149
2 months, 1 week ago8f23125
2 months, 3 weeks agoeroc1990
2 months, 3 weeks ago