Topic starter
09/05/2022 12:55 am
During an investigation, an analyst discovers the following rule in an executive’s email client:
IF * TO <[email protected]> THEN mailto: <[email protected]>
SELECT FROM ‘sent’ THEN DELETE FROM <[email protected]>
The executive is not aware of this rule.
Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
- A. Check the server logs to evaluate which emails were sent to <[email protected]>
- B. Use the SIEM to correlate logging events from the email server and the domain server
- C. Remove the rule from the email client and change the password
- D. Recommend that management implement SPF and DKIM
Suggested Answer: A