Exam SY0-701 topic 1 question 185 discussion

Business email compromise (BEC) is an email-based social engineering attack Social engineering refers to all the techniques used to coerce or talk a victim into revealing information that someone can use to perform malicious activities and render an organization or individual vulnerable to further attacks Answer: A- Business email

Social engineering is an attack vector, while Business email is an attack surface. If it said Business Email Compromise, that would be an attack vector.

I originally thought A. Business Email, but after some research I switched to B. Social Engineering According to CloudFlare "Business email compromise (BEC) is a type of social engineering attack that takes place over email. In a BEC attack, an attacker falsifies an email message to trick the victim into performing some action — most often, transferring money to an account or location the attacker controls. BEC attacks differ from other types of email-based attacks in a couple of key areas: They do not contain malware, malicious links, or email attachments They target specific individuals within organizations They are personalized to the intended victim and often involve advance research of the organization in question" This email includes a bad link so I dont think it can be Business Email

Typical bad wording.. IF its a hr compromised account then could be A? but even a is it BEC they are referring to? vague for no reason, they can really blindly pick either A or B and decide which they will accept..

biz email

The correct answer is: B. Social engineering Explanation: This scenario describes a phishing attack, a type of social engineering where an attacker sends fraudulent emails pretending to be from a trusted source (in this case, human resources). The mismatched links suggest an attempt to deceive the employee into clicking a malicious link, possibly leading to credential theft or malware installation. Other options explained: A. Business email – Likely refers to Business Email Compromise (BEC), which involves targeted attacks on executives or finance personnel rather than generic phishing. C. Unsecured network – There is no indication that the employee is on an insecure network; the issue is the deceptive email content. D. Default credentials – This applies to systems left with manufacturer-set passwords, which is unrelated to phishing emails. Since the attacker is attempting to manipulate human behavior to gain access, this is a social engineering attack.

Why not the others? A. Business email (compromise) – This involves an attacker gaining control of a legitimate business email account, but in this case, the email appears to be a fake rather than a compromised real account. C. Unsecured network – An unsecured network could allow data interception, but it wouldn’t cause misleading links in an email. D. Default credentials – This refers to using factory-set usernames and passwords, which is unrelated to this phishing attempt.

Business email compromise (BEC) is an email-based social engineering attack

This is a social engineering attack done through phishing. Phishing typically involves sending mass emails to a large number of recipients, aiming to trick them into clicking on malicious links or providing sensitive information. The email in this scenario seems to fit this pattern, as it contains suspicious links that do not correspond to the company's legitimate links. Business Email Compromise (BEC), on the other hand, is more targeted. It often involves attackers gaining access to a legitimate business email account and using it to send fraudulent emails to specific individuals within the organization. These emails usually request actions like transferring funds or sharing confidential information. BEC attacks are generally more sophisticated and personalized compared to phishing.

It is not business email because this term refers to emails sent using an organization's domain and infrastructure, not necessarily indicative of an attack.

Social Engineering is right.

This lines up with A

The correct answer is A. > This is an example of Business Email Compromise (BEC). BEC is a type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker. In this scenario the email came from human resources, indicating that this is a BEC.

B. Social engineering

B. Social engineering Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. In this case, the email containing suspicious links is an example of a phishing attempt, where attackers try to deceive the employee into clicking on malicious links that may lead to fraudulent sites or compromise their credentials.

Answer is B

I think that this question is a bit tricky in its language and its options of available answers. I would agree with A if it actually said " Business Email Compromise" but it simply says business email. B would be the correct answer because its actually mentioning a form of attack. Attack vector is literally referring to what kind of attack is being shown.