During an investigation, an analyst discovers the following rule in an executive's email client: IF * TO <executive@anyc
Posted: Sat Jul 23, 2022 7:39 pm
During an investigation, an analyst discovers the following rule in an executive's email client:
IF * TO <[email protected]> THEN mailto: <[email protected]>
SELECT FROM 'sent' THEN DELETE FROM <[email protected]>
The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
A. Check the server logs to evaluate which emails were sent to <[email protected]> Most Voted
B. Use the SIEM to correlate logging events from the email server and the domain server
C. Remove the rule from the email client and change the password
D. Recommend that management implement SPF and DKIM
IF * TO <[email protected]> THEN mailto: <[email protected]>
SELECT FROM 'sent' THEN DELETE FROM <[email protected]>
The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
A. Check the server logs to evaluate which emails were sent to <[email protected]> Most Voted
B. Use the SIEM to correlate logging events from the email server and the domain server
C. Remove the rule from the email client and change the password
D. Recommend that management implement SPF and DKIM