Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A security analyst is investigating a phishing email that contains a malicious document directed to the company’s Chief Executive Officer (CEO).

Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?
A . Run a vulnerability scan against the CEOs computer to find possible vulnerabilities
B . Install a sandbox to run the malicious payload in a safe environment
C . Perform a traceroute to identify the communication path
D . Use netstat to check whether communication has been made with a remote host

View Answer

Answer: B

Explanation:

To understand the threat and retrieve possible Indicators of Compromise (IoCs) from a phishing email containing a malicious document, a security analyst should install a sandbox to run the malicious payload in a safe environment.

Reference: CompTIA Security+ Certification Exam Objectives – 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 209.