Exam SY0-701 topic 1 question 259 discussion

Actual exam question from CompTIA's SY0-701
Question #: 259
Topic #: 1

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

  • A. Create a blocklist for all subject lines.
  • B. Send the dead domain to a DNS sinkhole.
  • C. Quarantine all emails received and notify all employees.
  • D. Block the URL shortener domain in the web proxy.
Suggested Answer: B

Comments

RoRoRoYourBoat
Highly Voted 7 months, 1 week ago
Selected Answer: D
D. Block the URL shortener domain in the web proxy: By blocking the URL shortener domain, the security team can prevent users from accessing potentially malicious links, even if the domain is currently dead. This proactive measure helps mitigate the risk of future attacks using the same URL shortener.
upvoted 11 times
...
laternak26
Highly Voted 2 months, 3 weeks ago
Selected Answer: B
NOT D. Block the URL shortener domain in the web proxy: Blocking the URL shortener domain in the web proxy is a good idea if you suspect that the malicious URLs lead to a harmful site, but in this case, the links are redirecting to a dead domain. The malicious domain itself is no longer active, so blocking the URL shortener might not address the immediate threat. Additionally, this step doesn't prevent other similar attacks with different shorteners or domains in the future.
upvoted 10 times
...
skg01
Most Recent 1 week, 4 days ago
Selected Answer: D
D. Block the URL shortener domain in the web proxy.
Explanation: Since the attack uses URL shorteners to redirect users to potentially malicious domains, the most effective mitigation is to block the URL shortener domain in the web proxy. This prevents employees from clicking on similar links in the future, even if the attacker changes the final redirect destination.
Why not the other options?
  • A. Create a blocklist for all subject lines – Not effective because attackers can easily modify subject lines to bypass filters.
  • B. Send the dead domain to a DNS sinkhole – The domain is already dead, meaning it is no longer actively serving content. The threat lies in the URL shortener, which may redirect to different malicious sites in future attacks.
  • C. Quarantine all emails received and notify all employees – While notifying employees is important, quarantining all emails may cause unnecessary disruptions. Blocking the URL shortener is a more effective preventive measure.
upvoted 1 times
...
mejestique
1 week, 4 days ago
Selected Answer: D
D. Block the URL shortener domain in the web proxy.
Explanation: URL shorteners are often used in phishing attacks and malware distribution to obscure malicious links. Even though the current redirect domain is dead, attackers can update the shortener to point to a new malicious domain at any time. Blocking the URL shortener domain at the web proxy ensures that:
  • Users cannot access any future malicious redirects coming from that shortener.
  • The security team prevents future attacks using the same shortener service.
  • It applies a broad and proactive security measure rather than reacting to just the current incident.
upvoted 1 times
...
selom1
1 month ago
Selected Answer: D
This provides immediate protection against the current campaign.
upvoted 1 times
...
DaBulls
1 month, 2 weeks ago
Selected Answer: D
The issue involves a URL shortener that redirects to a dead domain. Blocking the URL shortener domain prevents any redirection attempts, regardless of the destination domain. This measure also addresses any future malicious redirections from the same shortener. Send the dead domain to a DNS sinkhole: While this may help if the dead domain becomes active again, it does not address the possibility of the URL shortener being used for other malicious redirections.
upvoted 1 times
...
amccert
2 months ago
Selected Answer: C
Jsmithy's response was on point; look at his explanation.
upvoted 1 times
...
Eracle
2 months, 3 weeks ago
Selected Answer: D
Even if the domain they redirect URLs to is currently dead, the URL could be reactivated in the future for malicious purposes.
upvoted 2 times
...
gingergroot
3 months, 1 week ago
Selected Answer: B
B. GPT
upvoted 3 times
Eracle
2 months ago
D. GPT in my case
upvoted 3 times
...
...
jsmthy
5 months, 2 weeks ago
Selected Answer: C
Quarantine is correct. The dead domain may not do anything, but there can be several layers of redirects. You can place the dead domain on the DNS sinkhole, but that won't prevent users from clicking the links. If you block the URL shortener, you could block legitimate traffic to that shortener.
upvoted 2 times
...
dhewa
5 months, 3 weeks ago
Selected Answer: B
Well, D is an option, but it might not address the root cause if the attacker switches to a different URL shortener.
upvoted 2 times
...
nyyankee718
5 months, 3 weeks ago
Selected Answer: B
URL shortener will not block everything
upvoted 3 times
...
Hayder81
6 months, 1 week ago
D. Block the URL shortener domain in the web proxy:
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other