Exam SY0-701 topic 1 question 507 discussion

The correct answer is C. Phishing. Phishing involves creating a fake website or email that mimics a legitimate one to trick users into providing sensitive information, such as login credentials. In this scenario, users are accessing emails through a duplicate site that is not run by the company, which is a classic example of phishing.

The correct answer is: A. Impersonation Explanation: Impersonation refers to an attack where a malicious actor pretends to be someone else, typically by mimicking a legitimate website, email address, or service. In this scenario, the users are accessing emails through a duplicate site that is not controlled by the company, which indicates that the attacker is impersonating the company’s legitimate email platform to deceive users.

Caution ❗ Whereas at one time phishing messages were easy to spot with misspelled words and obvious counterfeit images, that is no longer the case. In fact, one of the reasons that phishing is so successful today is that the emails and the fake websites are difficult to distinguish from those that are legitimate: logos, color schemes, and wording seem to be almost identical. It is considered risky to attempt to determine if an email message is phishing just by how it looks. And although most web browsers automatically block known phishing websites because so many sites are appearing so rapidly, it is difficult for the browsers to stay up to date. Users should remain constantly vigilant to guard against phishing attacks

Phishing

GPT: The correct answer is: ✅ C. Phishing Explanation: The scenario describes users being tricked into accessing a fake website that mimics the legitimate company email site. This is a classic phishing attack, where: A fraudulent website is used to capture user credentials. The goal is to deceive users into thinking it’s a legitimate site. Even though it involves a fake site (which may seem like impersonation), phishing is the broader and more accurate term for this type of attack, especially when used to steal credentials. ❌ Why the other options are incorrect: Option Why it's not correct A. Impersonation Refers to pretending to be someone else (e.g., in person or via email), but this is more about website deception. B. Replication Refers to copying data, not tricking users with a fake website. D. Smishing Is SMS-based phishing — not applicable here since the scenario involves a fake website, not text messages.

A, They are accessing the email through duplicate site not access the site through email.

Bad question by CompTIA. A & B are correct, theoretically. Impersonation (as part of pharming) "is an attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website." (Sec+ Student Guide). Depending from the source is pharming a sub category of phishing. Even the Sec+ Student Guide states: "Phishing and pharming both depend on impersonation to succeed. ..." I guess, what CompTIA wanted to test, is if we understand the difference between phishing, smishing, vishing, and pharming. That's why Igo with A.

The answer is not impersonation, because impersonation refers to: More about pretending to be someone Usually person-to-person deception Doesn't typically involve duplicate sites

Why not C: impersonation refers to pretending to be someone else, but does not necessarily imply a fake site. So, i think the correct answer is phishing

Impersonation, no reference to social engineering email, text, or call. Simply a website that is impersonating another.

this is the explanation of Impersonation