An end user forwarded an email with a file attachment to the SOC for review. The SOC analysts think the file was specially crafted for the target. Which of the following investigative actions would best determine if the attachment was malicious?
A.
Review the file in Virus Total to determine if the domain is associated with any phishing.
B.
Review the email header to analyze the DKIM, DMARC, and SPF values.
C.
Review the source IP address in AbuseIPDB.
D.
Review the attachment’s behavior in a sandbox environment while running Wireshark.
D is the only one that makes sense.
A) It was specifically crafted for the target, Virus Total won't pick it up.
B) Email headers won't give you any useful info.
C) This doesn't prove that the attachment is malicious.
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
yeahnodontthinkso
3 months, 2 weeks ago