Exam SY0-701
Question 11

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”

Which of the following are the best responses to this situation? (Choose two).

    Correct Answer: B, C

    The best responses to this situation involve increasing awareness and preparedness against smishing attacks. Adding a smishing exercise to the annual company training will help employees recognize and respond to such fraudulent messages in the future. Issuing a general email warning to the company ensures that all employees are immediately informed about the ongoing fraudulent activity and cautioned against acting on such messages. These steps collectively enhance both immediate and long-term protections against similar threats.

Discussion
Mehsotopes (Options: BC)

It is already known that the message is not being sent from the CEO, & awareness of this attack should be known among the company by using the proper training to identify when an attacker is smishing using employee likeness. It is not known if devices are compromised, but if employees are aware of the situation, then that can be figured out as well.

AbdullahMohammad251 (Options: BC)

A fraudulent message was sent without spoofing the sender's number, indicating the message did not come from a legitimate source and the phone wasn't stolen. Therefore, we don't need to change numbers or conduct a forensic investigation on the CEO's phone. We will first inform the employees about the current smishing attack. Then, adjust the annual Company training to include awareness of and protection against similar smishing attacks.

AbdullahMohammad251 (Options: BC)

A fraudulent message was used, and the sender's number was not spoofed, meaning the message didn't come from a legitimate source. The question didn't mention the phone was stolen either. Therefore, we don't need to change numbers or conduct a forensic investigation on the CEO's phone. First, we will inform the employees about the current smishing attack. Then, we will adjust our annual company training to include protection against smishing attacks.

hasquaati (Options: BC)

BC, I eliminated the incorrect questions to this one.

shady23 (Options: BC)

B. Add a smishing exercise to the annual company training. C. Issue a general email warning to the company.

Yoez (Options: BC)

Correct Answer: BC