Exam SY0-601 topic 1 question 147 discussion

https://www.cmu.edu/iso/news/2020/email-spoofing.html

I don't know why so many people think its D. Forwarding a possibly malicious email to anyone much less the CIO and being like "this you?" seems crazy especially since it says he is on vacation for a few weeks. He likely wouldn't reply quickly and if he did it would be with "why would you forward this to me?"

Key word: CIO is on vacation for a few weeks, do to validate the authenticit <- you have to ask! so you are 100% guarantee

Why is not one looking at option C?

Answer A. Not ideal to forward email to CIO because he's in a vacation and would take time to get a response.

Reason why I choose to go with D: 1. Best method of verificatin is to ask directly 2. if the CIO has decided to send an email to request the docs while on vacation, then he will see the email the SA has forwarded and confirm if he sent it or not. 3. If there is no response, then the SA won’t need to send the docs 4. The SA is forwarding the email (not clicking on “Reply), so he gets to type in the real email of the CIO or pick from the address book.

Metadata can be spoofed, in the real world I would forward the email and ask the question. There is no mention of any attachments it's a text email, and there's no risk of spreading anything. D is giving you a 100% guarantee of the source.

If the CIO email is potentially corrupt, why would you then forward it to that same email for validation? That is what makes me not think it is D.

OK lets look at this objectively bit by bit. CIO sends email asking for documents CIO is on vacation Email can have spoofed sender Email can have spoofed metadata CIO is the person requesting documents (while on vacation) CIO should be expecting to receive a response if they did in fact request the documents IF CIO did not request documents and does not respond for weeks. NO PROBLEM IF CIO did request documents then they would respond to ensure their request is fulfilled and be waiting for you to produce the requested documents. I believe due to these logical conclusions that D is correct.

The answer is D. The best way to validate an email is to verify the alleged sender through a trusted method of communication. Don't respond to the email. Looking at the metadata could help, but since the CIO is thought to be on vacation, even if everything matched, I would still want to verify it with him. If he doesn't respond for a couple of weeks, it's a good indication that it is a phishing scam. This would be even more suspicious if the email exerted a sense of urgency such as "I am out of the office for a couple of weeks, but this must be completed before I get back". I definitely would want to verify with the CIO first.

Cybercriminals can spoof email addresses and manipulate metadata, so these methods may not provide a definitive answer to the email’s authenticity.

Theres no way that you should forward a potentially risky email to the CIO. Definitely not D, you'd get a message from cybersecurity in a work environment if you forwarded a potentially volatile email to a coworker. This exam is about security.

Options A, B, and C involve checking email metadata and properties, which can provide additional insights into the email's origin and authenticity. However, these methods alone may not be sufficient to verify the legitimacy of the email, especially in cases of sophisticated phishing attempts where email headers and addresses can be manipulated.

First of all, you don't forward a suspicious SPAM/Phishing email to anyone to verification. By so doing, you might inadvertently be propagating a malware/virus. The best course of action (under such circumstance) would be to save the email and send it as an attachment in a freshly-composed email. However, option D would be moot because "the Technician is aware that the CIO is on vacation." Hence, he may not have access to his emails. The best bet would be to do some investigation of your own: Option A provides the best recourse.

A - try it yourself, go to the email file>properties, look at header's sender, and host details

D is irrelevant. The CIO is on vacation. When you are on vacation would you bother yourself to check your company e-mails?

CEO is on vacation, he will not reply. Therefore "A" is best solution here.