Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

exams

3 years ago

During an investigation, an analyst discovers the following rule in an executive’s email client:

IF * TO <executive@anycompany.com> THEN mailto: <someaddress@domain.com>

SELECT FROM ‘sent’ THEN DELETE FROM <executive@anycompany.com>

The executive is not aware of this rule.

Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
A . Check the server logs to evaluate which emails were sent to <someaddress@domain.com>
B . Use the SIEM to correlate logging events from the email server and the domain server
C . Remove the rule from the email client and change the password
D . Recommend that management implement SPF and DKIM

Answer: A

Latest CS0-002 Dumps Valid Version with 220 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CS0-002 PDF CS0-002 Questions Online Training