Multiple Choice
During an investigation, an analyst discovers the following rule in an executive's email client:
IF * TO <executive@anycompany.com> THEN mailto: <someaddress@domain.com> SELECT FROM 'sent' THEN DELETE FROM <executive@anycompany.com>
The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
A) Check the server logs to evaluate which emails were sent to <someaddress@domain.com>
B) Use the SIEM to correlate logging events from the email server and the domain server
C) Remove the rule from the email client and change the password
D) Recommend that management implement SPF and DKIM
Correct Answer:
