IF * TO <[email protected]> THEN mailto:

CS0-002

Last Post by Gonzalo 2 years ago

1 Posts

1 Users

0 Likes

166 Views

RSS

Gonzalo

(@castilogonzalo)

Noble Member

Joined: 2 years ago

Posts: 663

Topic starter 09/05/2022 12:55 am

During an investigation, an analyst discovers the following rule in an executive’s email client:

IF * TO <[email protected]> THEN mailto: <[email protected]>

SELECT FROM ‘sent’ THEN DELETE FROM <[email protected]>

The executive is not aware of this rule.

Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

A . Check the server logs to evaluate which emails were sent to <[email protected]>
B . Use the SIEM to correlate logging events from the email server and the domain server
C . Remove the rule from the email client and change the password
D . Recommend that management implement SPF and DKIM

Show Answer Hide Answer

Suggested Answer: A

Quote

Topic Tags

CompTIA CySA+

Latest CompTIA CS0-002 Dumps Valid Version

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PDF

Forum Jump:

Previous Topic

Next Topic