Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

CS0-002 0 Comments

During an investigation, an analyst discovers the following rule in an executive’s email client:

IF * TO <[email protected]> THEN mailto: <[email protected]>

SELECT FROM ‘sent’ THEN DELETE FROM <[email protected]>

The executive is not aware of this rule.

Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
A . Check the server logs to evaluate which emails were sent to <[email protected]>
B . Use the SIEM to correlate logging events from the email server and the domain server
C . Remove the rule from the email client and change the password
D . Recommend that management implement SPF and DKIM

Answer: A

Latest CS0-002 Dumps Valid Version with 220 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CS0-002 PDF     CS0-002 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments