Exam SY0-701 topic 1 question 185 discussion

Business email compromise (BEC) is an email-based social engineering attack Social engineering refers to all the techniques used to coerce or talk a victim into revealing information that someone can use to perform malicious activities and render an organization or individual vulnerable to further attacks Answer: A- Business email

Social engineering is an attack vector, while Business email is an attack surface. If it said Business Email Compromise, that would be an attack vector.

It is not business email because this term refers to emails sent using an organization's domain and infrastructure, not necessarily indicative of an attack.

Social Engineering is right.

This lines up with A

The correct answer is A. > This is an example of Business Email Compromise (BEC). BEC is a type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker. In this scenario the email came from human resources, indicating that this is a BEC.

B. Social engineering

B. Social engineering Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. In this case, the email containing suspicious links is an example of a phishing attempt, where attackers try to deceive the employee into clicking on malicious links that may lead to fraudulent sites or compromise their credentials.

Answer is B

I think that this question is a bit tricky in its language and its options of available answers. I would agree with A if it actually said " Business Email Compromise" but it simply says business email. B would be the correct answer because its actually mentioning a form of attack. Attack vector is literally referring to what kind of attack is being shown.

Social engineering: This refers to techniques used to manipulate people into performing actions or divulging confidential information. In this case, the attacker is using a legitimate-looking email from human resources to trick the new employee into clicking on malicious links. Business email compromise (BEC): While BEC can involve emails from legitimate-looking senders, it typically targets high-profile individuals or organizations for financial gain. In this case, the target is a new employee, and the goal seems to be to compromise their system.