Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk?

Posted by: Pdfprep Category: CAS-002

Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:

Delivered-To: [email protected]

Received: by 10.14.120.205

Mon, 1 Nov 2010 11:15:24 -0700 (PDT)

Received: by 10.231.31.193

Mon, 01 Nov 2010 11:15:23 -0700 (PDT)

Return-Path: <[email protected]>

Received: from 127.0.0.1 for <[email protected]>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from <[email protected]>)

Received: by smtpex.example.com (SMTP READY)

with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500

Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500

From: Company <[email protected]>

To: "[email protected]" <[email protected]>

Date: Mon, 1 Nov 2010 13:15:11 -0500

Subject: New Insurance Application

Thread-Topic: New Insurance Application

Please download and install software from the site below to maintain full access to your account.

Additional information: The authorized mail servers' IPs are 192.168.2.10 and 192.168.2.11.

The network’s subnet is 192.168.2.0/25.

Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).
A. Identify the origination point for malicious activity on the unauthorized mail server.
B. Block port 25 on the firewall for all unauthorized mail servers.
C. Disable open relay functionality.
D. Shut down the SMTP service on the unauthorized mail server.
E. Enable STARTTLS on the spam filter.

Answer: B, D
