During an investigation, an analyst discovers the following rule in an executive's email client:

IF * TO <executive@anycompany.com> THEN mailto: <someaddress@domain.com>
SELECT FROM 'sent' THEN DELETE FROM <executive@anycompany.com>

The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
A) Check the server logs to evaluate which emails were sent to <someaddress@domain.com>
B) Use the SIEM to correlate logging events from the email server and the domain server
C) Remove the rule from the email client and change the password
D) Recommend that management implement SPF and DKIM
Correct Answer: