Posted by: Pdfprep
Post Date: April 10, 2021
During an investigation, an analyst discovers the following rule in an executive’s email client:
IF * TO <[email protected]> THEN mailto: <[email protected]>
SELECT FROM ‘sent’ THEN DELETE FROM <[email protected]>
The executive is not aware of this rule.
Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
A. Check the server logs to evaluate which emails were sent to <[email protected]>
B. Use the SIEM to correlate logging events from the email server and the domain server
C. Remove the rule from the email client and change the password
D. Recommend that management implement SPF and DKIM
Answer: A