Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?
A security analyst is investigating a phishing email that contains a malicious document directed to the company’s Chief Executive Officer (CEO).
Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?
A. Run a vulnerability scan against the CEO's computer to find possible vulnerabilities
B. Install a sandbox to run the malicious payload in a safe environment
C. Perform a traceroute to identify the communication path
D. Use netstat to check whether communication has been made with a remote host
Answer: B
Explanation:
To understand the threat and retrieve possible Indicators of Compromise (IoCs) from a phishing email containing a malicious document, a security analyst should install a sandbox to run the malicious payload in a safe environment.
Reference: CompTIA Security+ Certification Exam Objectives – 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 209.