Exam CS0-002 topic 1 question 324 discussion

Actual exam question from CompTIA's CS0-002
Question #: 324
Topic #: 1

An email analysis system notifies a security analyst that the following message was quarantined and requires further review.

From: [email protected]
To: [email protected]
Subject: [EXTERNAL] Gift card purchase ASAP
Body:

Please purchase gift cards to any major electronics store and reply with pictures of them to this email!

Which of the following actions should the security analyst take?

  • A. Release the email for delivery due to its importance.
  • B. Immediately contact a purchasing agent to expedite.
  • C. Delete the email and block the sender.
  • D. Purchase the gift cards and submit an expense report.
Suggested Answer: C

Comments

db97
Highly Voted 2 years, 2 months ago
Here is my analysis:
- B and D are discarded because this is not a security analyst's responsibility.
- The EXTERNAL tag is used to review an email more deeply for potential phishing activity.
- The sender domain seems to be right (we would have to analyze the email header to discard an open SMTP relay, for example; I'm talking based on my experience, but that is not available in this question lol).
- In the message body the "CEO" is asking to make a purchase, and the gift cards purchased should be shared as an image in the reply, but for what? I think this is the major red flag. Also, I gotta mention that "urgency" is taking place here ("asap"); this is a common social engineering technique.
- For the item mentioned above, I would reach out to the CEO to validate this activity before taking the decision to release or delete the email, because I don't discard that their account has been compromised. I have reasons to doubt the origin or intentions of this e-mail too much to take the decision of releasing it, so I would delete it and block the sender. Again, there are some other steps I would follow before taking this decision, but due to the lack of context I think this is the right answer (C).
upvoted 6 times
2Fish
2 years, 1 month ago
Absolutely this. The "EXTERNAL" tag is what caught my eye. You are correct that having the headers to do a deep dive would be best. C is the correct answer.
upvoted 1 times
ExamTopic147
Most Recent 1 year, 11 months ago
Why not D?
upvoted 3 times
justauser
2 years ago
Selected Answer: C
I agree, C
upvoted 1 times
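
The indicators raised in the discussion above (the EXTERNAL tag, the "asap" urgency, the gift card request, the request for pictures, and the header review db97 says would be needed) can be expressed as a triage check. This is an added example, not part of the original question or comments; the addresses, the Reply-To and Authentication-Results headers, and the `internal_domain` value are constructed assumptions, since the question does not provide headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the quarantined message. Addresses and
# the Reply-To / Authentication-Results headers are placeholders.
SAMPLE = """\
From: "CEO" <ceo@example.com>
Reply-To: ceo.office@example.net
To: analyst@example.com
Subject: [EXTERNAL] Gift card purchase ASAP
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail

Please purchase gift cards to any major electronics store and reply with pictures of them to this email!
"""

def domain(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, internal_domain="example.com"):
    """Flag gift-card BEC indicators in a single-part plain-text message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    text = f"{subject}\n{msg.get_payload()}".lower()
    auth = msg.get("Authentication-Results", "").lower()
    from_dom = domain(msg.get("From"))
    reply_dom = domain(msg.get("Reply-To"))
    external = "[external]" in subject.lower()
    checks = {
        "external_tag": external,
        # Gateway tagged it external although From claims our own domain.
        "internal_from_but_external": external and from_dom == internal_domain,
        "urgency": bool(re.search(r"\b(asap|urgent|immediately|right away)\b", text)),
        "gift_card_request": bool(re.search(r"\bgift\s*cards?\b", text)),
        "asks_for_card_images": bool(re.search(r"\b(pictures?|photos?|images?)\b", text)),
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "auth_failed": bool(re.search(r"\b(spf|dkim|dmarc)=(fail|softfail|none)\b", auth)),
    }
    findings = sorted(name for name, hit in checks.items() if hit)
    # Hold when the payment lure is backed by at least one other indicator.
    hold = checks["gift_card_request"] and len(findings) > 1
    return {"findings": findings, "hold": hold}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A held message still calls for the out-of-band check with the purported sender that db97 describes before the analyst deletes it and blocks the sender.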