Exam SY0-601 topic 1 question 854 discussion

Actual exam question from CompTIA's SY0-601
Question #: 854
Topic #: 1

An organization recently experienced the following social engineering attacks that introduced malware into the network:

• In the first attack, the sender impersonated a staff member in the legal department and sent an email stating that the employee needed to click a link to sign an NDA in order to remain employed. The link provided was to a malicious website.
• In the second attack, the sender impersonated the director of finance and instructed the accounts payable department to pay an outstanding invoice. The attached invoice contained malware.

Which of the following is the most likely reason these attacks were successful?

  • A. Both attacks passed the spam filters, which resulted in the end users thinking the emails were legitimate.
  • B. Both attacks concealed the delivery of malware, which led end users to trust the emails.
  • C. Both attacks appealed to authority, which made the end users feel obligated to perform the requested actions.
  • D. Both attacks relied on dumpster diving to obtain a list of valid contacts to receive the malicious emails.
Suggested Answer: C

Comments

CircaG
Highly Voted 1 year, 3 months ago
Selected Answer: C
C. These both deal with authority.
upvoted 5 times
NetworkTester1235
1 year, 2 months ago
I concur
upvoted 1 times
Nemish71
Most Recent 1 year, 1 month ago
Selected Answer: A
Why not A? If they have not received the email in the first place, nothing will happen. Open to discussion!
upvoted 1 times
shady23
1 year, 1 month ago
Selected Answer: C
C. Both attacks appealed to authority, which made the end users feel obligated to perform the requested actions. In both scenarios, the attackers exploited the psychology of authority to deceive the employees. By impersonating individuals in positions of authority within the organization (legal department staff member and director of finance), the attackers created a sense of urgency and obligation among the employees to comply with the instructions provided in the emails.
upvoted 1 times
MortG7
1 year, 2 months ago
C is correct.
upvoted 1 times
Imjusthere00
1 year, 3 months ago
Selected Answer: C
I would say C as CircaG said they both deal with authority.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted