Which of the following commands will the analyst most likely execute NEXT?

A security analyst is investigating a reported phishing attempt that was received by many users throughout the company.

The text of one of the emails is shown below:

Office 365 User.

It looks like you account has been locked out Please click this <a href=Tittp7/accountfix-office356 com/login php">link</a> and follow the pfompts to restore access

Regards.

Security Team

Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but rt does log network flow data .

Which of the following commands will the analyst most likely execute NEXT?
A . telnet office365.com 25
B. tracert 122.167.40.119
C. curl http:// accountfix-office365.com/login. php
D. nslookup accountfix-office365.com

View Answer

Answer: D

Explanation:

nslookup is a command-line tool that can query the Domain Name System (DNS) and display information about domain names and IP addresses. The security analyst can use nslookup to find out the IP address of the malicious domain accountfix-office365.com that was used in the phishing attempt. This could help the analyst to block or trace the source of the attack. telnet, tracert, and curl are other command-line tools, but they are not as useful as nslookup for investigating a phishing attempt based on a domain name.

Reference: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup