A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?
The correct answer is C. Phishing. Phishing involves creating a fake website or email that mimics a legitimate one to trick users into providing sensitive information, such as login credentials. In this scenario, users are accessing emails through a duplicate site that is not run by the company, which is a classic example of phishing.
The correct answer is:
A. Impersonation
Explanation:
Impersonation refers to an attack where a malicious actor pretends to be someone else, typically by mimicking a legitimate website, email address, or service. In this scenario, the users are accessing emails through a duplicate site that is not controlled by the company, which indicates that the attacker is impersonating the company’s legitimate email platform to deceive users.
I agree, because if they were accessing a site through emails, that would be phishing--but they're accessing the emails through a duplicate site--which is impersonation.
GPT: The correct answer is:
✅ C. Phishing
Explanation:
The scenario describes users being tricked into accessing a fake website that mimics the legitimate company email site.
This is a classic phishing attack, where:
- A fraudulent website is used to capture user credentials.
- The goal is to deceive users into thinking it’s a legitimate site.
Even though it involves a fake site (which may seem like impersonation), phishing is the broader and more accurate term for this type of attack, especially when used to steal credentials.
❌ Why the other options are incorrect:
| Option | Why it's not correct |
| --- | --- |
| A. Impersonation | Refers to pretending to be someone else (e.g., in person or via email), but this is more about website deception. |
| B. Replication | Refers to copying data, not tricking users with a fake website. |
| D. Smishing | Is SMS-based phishing, not applicable here since the scenario involves a fake website, not text messages. |
Bad question by CompTIA.
A & B are correct, theoretically.
Impersonation (as part of pharming) "is an attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website." (Sec+ Student Guide). Depending on the source, pharming is a subcategory of phishing.
Even the Sec+ Student Guide states: "Phishing and pharming both depend on impersonation to succeed. ..."
I guess what CompTIA wanted to test is whether we understand the difference between phishing, smishing, vishing, and pharming. That's why I go with A.
The answer is not impersonation, because impersonation refers to:
- More about pretending to be someone
- Usually person-to-person deception
- Doesn't typically involve duplicate sites
Why not C: impersonation refers to pretending to be someone else, but does not necessarily imply a fake site. So, I think the correct answer is phishing.
Community vote distribution
A (35%)
C (25%)
B (20%)
Other