DEV Community

TiltedLunar123

On Security+, social engineering questions test the principle, not the label

A lot of people walk into the SY0-701 exam ready to define phishing, vishing, smishing, and pretexting, then freeze the moment a question describes a scenario and asks why the attack worked. The label was never the hard part. CompTIA wants to know whether you can read a short story and name the psychological lever the attacker pulled.

There are seven of these levers, and they show up constantly: authority, intimidation, consensus, scarcity, urgency, familiarity, and trust. Memorizing the list is easy. The skill that earns points is mapping a sentence to the right one, especially when a question stuffs two or three levers into the same scenario and asks for the best answer.

Here is what each one actually looks like inside a question.

Authority

The attacker borrows someone's rank. "This is the CFO, I need that wire approved before the board call." The tell is a claimed position you are not supposed to question.

Intimidation

Authority with a threat bolted on. "If this report is late, I am escalating to your manager." Fear of the consequence, not respect for the rank, is doing the work.

Consensus

Sometimes called social proof. It leans on the crowd. "Everyone else on your team already submitted their credentials for the migration." You are being told the safe choice is to follow the herd.

Scarcity and urgency

These two get swapped constantly, so pin them down. Scarcity is limited supply: "only three licenses left at this price." Urgency is limited time: "you have ten minutes before the account locks." If you can ask "running out of what?" and the answer is time, it is urgency. If the answer is quantity, it is scarcity.

Familiarity

Also called liking. The attacker becomes your friend first. They name a coworker, reference a recent project, mention your team, anything that lowers your guard before the ask arrives.

Trust

The long game version. The attacker builds a believable relationship or identity over time so the request feels routine. A vendor you have emailed for weeks suddenly sends new banking details, and nobody blinks.

How this actually shows up on the test

A scenario reads: an employee gets a call from someone claiming to be the help desk, and the caller says the account will be disabled in fifteen minutes unless the employee verifies their password right now. Three of the four answer choices will be principles. The exam is not asking you to notice this is vishing. It is asking which principle is primary. The clock ("fifteen minutes") is the loudest signal, so urgency is the answer, even though authority (help desk) is also sitting in the stem. CompTIA rewards the dominant lever, not the first plausible one.

That is the trap. Real scenarios rarely use one principle cleanly. The way to stay out of the ditch is boring but it works: read the whole stem before you look at the options, find the phrase that is doing the manipulating, then match. Deadline means urgency. Rank means authority. "Everyone is doing it" means consensus. Train the mapping, not the definitions.

A few habits that helped me when I was grinding through these:

  • Separate the delivery method from the principle. Phishing, vishing, and smishing are how the message arrives. The principle is why you almost clicked. One question can test both, and they live in different objectives.
  • Watch for stacked levers and ask which one the question is built around. The detail the author spent the most words on is usually the answer.
  • Do not overthink familiarity versus trust. Familiarity is "I seem like someone you already know." Trust is "I built a relationship so this feels normal." Time is the difference between them.
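The "find the phrase doing the manipulating, then match" routine, plus the habit of keeping delivery method apart from principle, can be written down as a small scoring pass over a stem. The block below is an added example, not part of the original post: it counts cue phrases per lever, scores the channel (phishing, vishing, smishing) separately, picks the lever with the most cues as dominant, lists the others as stacked, and flags a tie so you know to re-read the stem instead of guessing. The cue lists and the practice stems (one paraphrases the help-desk scenario above) are constructed assumptions, not an exam key.

```python
"""Rule-based mapping of a social-engineering scenario to its dominant principle.

Added example for the Security+ mapping drill. Delivery channel and psychological
lever are scored separately; the lever with the most cue phrases is dominant, the
rest are reported as stacked. Cue lists are assumptions, not an exam key.
"""
import re
from collections import Counter
from typing import Optional

# Delivery method (how the message arrives): scored apart from the principle.
CHANNEL_CUES = {
    "vishing": r"\b(a call|phone call|caller|phone|voicemail)\b",
    "smishing": r"\b(sms|text message|texted)\b",
    "phishing": r"\b(e-?mail\w*|inbox|link)\b",
}

# Psychological levers (why the target almost complied). One alternation = one cue.
LEVER_CUES = {
    "authority": r"\b(cfo|ceo|cio|help desk|it department|director|executive|on behalf of)\b",
    "intimidation": r"\b(escalat\w*|disciplinary|fired|terminated|legal action|your manager)\b",
    "consensus": r"\b(everyone|everybody|already submitted|others have|the rest of your team)\b",
    "scarcity": r"\b(only \w+(?: \w+)? (?:left|remaining)|last (?:one|few)|limited (?:stock|supply|quantity))\b",
    "urgency": r"\b((?:\d+|five|ten|fifteen|thirty) (?:minutes?|hours?)|right now|immediately|deadline|expires?|within \d+)\b",
    "familiarity": r"\b(remember me|we met|your coworker|your colleague|worked with you|recent project)\b",
    "trust": r"\b(for weeks|for months|as usual|new banking details|updated bank(?:ing)? details|routine)\b",
}


def score_levers(stem: str) -> Counter:
    """Count cue hits per lever; zero counts are kept so every lever is reported."""
    text = stem.lower()
    return Counter({lever: len(re.findall(pat, text)) for lever, pat in LEVER_CUES.items()})


def detect_channel(stem: str) -> Optional[str]:
    """Return the delivery method with the most cues, or None if no channel cue fires."""
    text = stem.lower()
    hits = {ch: len(re.findall(pat, text)) for ch, pat in CHANNEL_CUES.items()}
    best = max(hits, key=hits.get)
    return best if hits[best] else None


def classify(stem: str) -> dict:
    """Dominant lever = most cues; 'stacked' lists the others that fired; 'tie' means re-read."""
    scores = score_levers(stem)
    ranked = [(lever, n) for lever, n in scores.most_common() if n > 0]
    if not ranked:
        return {"channel": detect_channel(stem), "dominant": None, "stacked": [], "tie": False}
    dominant, top = ranked[0]
    return {
        "channel": detect_channel(stem),
        "dominant": dominant,
        "stacked": [lever for lever, _ in ranked[1:]],
        "tie": len(ranked) > 1 and ranked[1][1] == top,
    }


# Constructed practice stems; HELP_DESK paraphrases the scenario discussed in the post.
HELP_DESK = ("An employee gets a call from someone claiming to be the help desk. The caller "
             "says the account will be disabled in fifteen minutes unless the employee "
             "verifies their password right now.")
CFO_WIRE = "This is the CFO, I need that wire approved before the board call."
LATE_REPORT = "If this report is late, I am escalating to your manager."
LICENSES = "Only three licenses left at this price."
VENDOR = "A vendor you have emailed for weeks suddenly sends new banking details."

if __name__ == "__main__":
    for stem in (HELP_DESK, CFO_WIRE, LATE_REPORT, LICENSES, VENDOR):
        r = classify(stem)
        print(f"{str(r['dominant']):<13} channel={r['channel']}  stacked={r['stacked']}  tie={r['tie']}")
```

On the help-desk stem the authority cue ("help desk") fires once, but the two clock cues ("fifteen minutes", "right now") outscore it, so urgency comes back as dominant with authority listed as stacked, which is exactly the call the exam wants. A tie is a useful outcome too: it means the stem did not spend more words on one lever than another, and you should go back and find which detail the question is actually built around.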

The only way this clicks is reps on scenario questions, not flashcards of definitions. Read the story, predict the principle before you see the choices, then check yourself. Every time you miss one, write down which phrase fooled you. After thirty or forty of these the mapping becomes automatic, and a whole block of the exam turns into free points.

If you want a stack of scenario questions to practice on, that is most of what I built secplusmastery.com around: 1,069 practice questions, 31 in-depth reading lessons, and hands-on labs that drill the difference between the attack and the reason it worked. There is a free diagnostic exam at secplusmastery.com/diagnostic that shows you fast whether social engineering is a weak spot before you spend study time anywhere else.

Get the mapping automatic and this whole corner of the exam stops being scary.
