You don't have to click a link to fall for a phishing email; you can reply to it with sensitive info without having clicked anything.
I go with message gateway; I also did this kind of work and that's the first thing I would check (see the sender, check header info, check to see if that sender sent emails to anyone else to get ahead of it before anybody else falls for it).
The Authentication logs would be the first system logs that the analyst should check in this scenario. These logs provide information about user authentication events, including login attempts, successful logins, and failed logins. By examining authentication logs, the analyst can identify any suspicious or unauthorized access attempts related to the user who fell for the phishing email.
The analyst would first check:
B. Message gateway logs.
Message gateway logs, such as those from email servers or email security appliances, often contain valuable information about incoming and outgoing emails, including details about email delivery, sender and recipient information, and any actions taken by the gateway, such as quarantining or blocking suspicious emails. These logs can help the analyst identify and investigate the phishing email reported by the user.
Email issue. Check Email logs. The closest option is Mail gateway and I would hope it would keep a log of that email for admin inspection. Ironport and O365 do this.
From all sources, I can gather it is either Authentication, Message Gateway, or DNS. Except for this site, DNS is out. I cannot find a straight correct answer. ChatGPT answers both, another site has the question listed twice with two different answers.
Message gateway.
The message gateway logs would provide information about the incoming and outgoing emails, including details about the phishing email. It may include information about the sender, recipient, subject, attachments, and other relevant details related to the email's entry point into the organization's email system.
Phishing emails don't always have to contain links. Sometimes an attacker would pretend to be someone who needs to verify an identity to update an account, and the victim needs to reply with the requested information. DNS does not apply to that scenario. So to gain some context about the phishing attack, you have to check the email gateway first.
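
The scoping step commenters describe above (find everyone else the sender reached, and anyone who replied to it), shown as an added example that is not part of the original thread. The key=value log format, field names and addresses are constructed for illustration and do not match any particular gateway product.

```python
import re

# Constructed sample lines in a made-up key=value gateway log format (assumption).
SAMPLE_LOG = """\
2024-05-01T09:12:03Z dir=in from=billing@examp1e-pay.test to=alice@corp.test subj="Verify your account" action=delivered
2024-05-01T09:12:04Z dir=in from=billing@examp1e-pay.test to=bob@corp.test subj="Verify your account" action=delivered
2024-05-01T09:12:05Z dir=in from=billing@examp1e-pay.test to=carol@corp.test subj="Verify your account" action=quarantined
2024-05-01T09:15:40Z dir=in from=news@vendor.test to=alice@corp.test subj="Weekly digest" action=delivered
2024-05-01T09:47:19Z dir=out from=bob@corp.test to=billing@examp1e-pay.test subj="RE: Verify your account" action=delivered
"""

# key=value pairs; values are either "quoted strings" or bare tokens.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one log line into a dict of fields plus its timestamp."""
    ts, _, rest = line.partition(" ")
    rec = {key: value.strip('"') for key, value in FIELD.findall(rest)}
    rec["ts"] = ts
    return rec


def scope_phish(log_text, sender):
    """Return who received mail from `sender` and who replied to it."""
    sender = sender.lower()
    scope = {"delivered": [], "blocked": [], "replied": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        frm = rec.get("from", "").lower()
        to = rec.get("to", "").lower()
        if rec.get("dir") == "in" and frm == sender:
            # Inbound copies: separate mailboxes that got it from those that did not.
            key = "delivered" if rec.get("action") == "delivered" else "blocked"
            scope[key].append(to)
        elif rec.get("dir") == "out" and to == sender:
            # Outbound mail to the sender: a reply needs no link click or DNS lookup.
            scope["replied"].append(frm)
    return scope


if __name__ == "__main__":
    for bucket, users in scope_phish(SAMPLE_LOG, "billing@examp1e-pay.test").items():
        print(bucket, users)
```
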
SY0-601 Exam Questions