Which of the following should the security analyst perform?

A security analyst is investigating a series of suspicious emails by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the messages by the security tools the company uses. Instead, the emails only include the following in plain text.

Which of the following should the security analyst perform?
A. Contact the security department at the business partner and alert them to the email event.
B. Block the IP address for the business partner at the perimeter firewall.
C. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
D. Configure the email gateway to automatically quarantine all messages originating from the business partner.

Answer: A

Explanation:

The best option for the security analyst to perform is to contact the security department at the business partner and alert them to the email event. The email appears to be a phishing attempt that tries to trick the employees into revealing their login credentials by impersonating a legitimate sender. The security department at the business partner should be notified so they can investigate the source and scope of the attack and take appropriate actions to protect their systems and users.

Verified Reference:

https://www.comptia.org/training/books/casp-cas-004-study-guide, https://us-cert.cisa.gov/ncas/tips/ST04-014
