C. In a BEC attack, the attacker typically impersonates a high-ranking executive or authority figure within the organization and requests sensitive information or actions from employees. In this case, the HR director is requesting log-in credentials for a cloud administrator account, which is a classic example of BEC where the attacker seeks to gain access to privileged accounts through deception.
Answer: A.
It could be C if there wasn't a better option, but a BEC is about impersonating, and in the answer choice C it doesn't specify that someone is acting as hr, whereas A is a better choice because they are clear that someone is being impersonated. Your boss requests documents all the time, they don't need to demand it. The choice is clearly A.
The best answer is C. The HR Director is not your boss, but someone high in your organization. They are asking for cloud administrator credentials, which has nothing to do with HR, so there is a chance that the directors email account has been compromised and the hacker is now hoping that you will just give in to their request because of the higher rank. In this situation you would follow up with the HR Director in person to determine if they actually made the request and if they really need the credentials for a legitimate reason.
The fact that the email has the executive's name in the display field strongly suggest impersonation which is a hallmark of BEC. Both A and C involve impersonation which is central to BEC with scenario A being a class BEC because it is specifically leveraging the executives identity to request gift card which is a common BEC tactic.
A. ✅ "An employee receives a gift card request in an email that has an executive’s name in the display field of the email."
Classic BEC: Impersonation of a high-ranking official to trick an employee into buying gift cards.
B. "Employees who open an email attachment receive messages demanding payment in order to access files."
This is ransomware, not BEC.
C. "A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account."
This is closer to phishing for credential theft, not the typical goal of BEC (which is financial fraud).
D. "An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal."
This is also phishing, not BEC. BEC usually does not involve links or malware—just psychological manipulation.
According to studying and Google:
The best answer is A. An employee receives a gift card request in an email that has an executive's name in the display field of the email..
Explanation: A Business Email Compromise (BEC) attack often involves impersonating a high-level executive to trick employees into performing actions like purchasing gift cards or transferring funds, and this scenario closely matches that definition.
The correct answer is:
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
Here's why:
This scenario most accurately reflects a Business Email Compromise (BEC) attack, which typically involves:
Impersonation of a high-level executive or trusted individual.
Social engineering tactics to trick employees into transferring money, sharing sensitive information, or credentials.
A focus on email-based deception, rather than malware or phishing links.
A: An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
This is a classic Business Email Compromise (BEC) scenario. BEC attacks often involve impersonating high-level executives—like a CEO or CFO—using spoofed email addresses or display names to trick employees into sending money, gift cards, or sensitive data. These emails typically don’t contain links or attachments, which makes them harder to detect with traditional security tools.
Why A is the correct answer:
This is a classic and well-documented BEC scenario.
The attacker spoofs or impersonates an executive, often using display name tricks.
They send a socially engineered request, like asking for gift cards or wire transfers.
No links or attachments — just urgent, manipulative language.
This matches the FBI’s official definition of BEC:
"A scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. It is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques."
A is a classic BEC attack where the attacker impersonates an executive for financial gain (gift cards).
C is spear-phishing that also fits within BEC, focusing on credential theft by impersonating an HR director.
C is the best answer here. BEC is all about the attacker using a compromised account to conduct financial fraud or other type of scam. A is only indicating the email has the executive name in the display field and not necessarily from a compromised account.
The best answer is A.
This scenario describes a classic Business Email Compromise (BEC) attack known as CEO fraud. In these attacks, a cybercriminal impersonates a high-ranking executive—often using a spoofed email address or just the display name—to trick an employee into taking urgent action, like buying gift cards or wiring money.
Let’s quickly break down the others:
- B is more indicative of a ransomware attack, where files are encrypted and payment is demanded.
- C could be a phishing or credential harvesting attempt, but unless the HR director’s identity is spoofed or compromised, it doesn’t fully align with BEC.
- D is a phishing attack using a fake login page, which is common but not specific to BEC.
A BEC involves a fraudulent email that appears to come from a trusted executive or employee and is used to trick someone into transferring money, sensitive data, or credentials.
The correct answer is C.
Business email compromise (BEC) is a type of cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company info. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam. It is a type of phishing attack that targets organizations with a view to steal money or sensitive information.
Only option where a trusted entity is impersonated and a request for sensitive information is made is C.
This section is not available anymore. Please use the main Exam Page.SY0-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
lauren2wright
Highly Voted 1 year, 2 months agoTheMichael
1 year agoSnooozey
11 months, 2 weeks agoa4e15bd
11 months, 1 week agoMistyUnicorn
2 weeks, 6 days agoGuahan
Most Recent 2 days, 6 hours agoKevhack787
6 days, 3 hours agoJT619
1 week, 2 days agolearnin25
1 week, 3 days agoWagone
1 week, 6 days agoMistyUnicorn
2 weeks, 6 days ago1chung
3 weeks, 2 days agosentinell
3 weeks, 4 days ago319b362
4 weeks, 1 day agoBurklton
4 weeks, 1 day agoanalog4ever
4 weeks, 1 day agoJforged
1 month agoJotaJoe
1 month agonnamo2
1 month, 1 week agoSparky80
1 month, 3 weeks agofisher004
2 months ago