During an investigation, an analyst discovers the following rule in an executive’s email client:
The executive is not aware of this rule.
Which of the following should the analyst do first to evaluate the potential impact of this security incident?
A. Check the server logs to evaluate which emails were sent to <someaddress@domain.com>.
B. Use the SIEM to correlate logging events from the email server and the domain server.
C. Remove the rule from the email client and change the password.
D. Recommend that the management team implement SPF and DKIM.
Answer: A
Explanation:
Checking the server logs to evaluate which emails were sent to <someaddress@domain.com> is the first action the analyst should take to evaluate the potential impact of this security incident. Server logs are records of events or activities that occur on a server, such as email transactions, web requests, or authentication attempts. Checking the server logs can help to determine how many emails were sent to <someaddress@domain.com>, when they were sent, who sent them, and what they contained. This can help to assess the scope and severity of the incident and plan further actions.
Reference: https://www.techopedia.com/definition/1308/server-log