Exam SY0-601 topic 1 question 202 discussion

Actual exam question from CompTIA's SY0-601
Question #: 202
Topic #: 1

A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?

  • A. DNS
  • B. Message gateway
  • C. Network
  • D. Authentication
Suggested Answer: A

Comments

Gino_Slim
Highly Voted 1 year, 5 months ago
This is also a dumb question
upvoted 83 times
...
stoneface
Highly Voted 1 year, 7 months ago
Selected Answer: A
We want to see DNS logs to see where the user was taken
upvoted 38 times
i_bird
1 year, 6 months ago
any elaboration will be appreciated..
upvoted 1 times
...
db97
1 year, 6 months ago
But you're assuming that he clicked on a link and the question does not specify that
upvoted 4 times
RonWonkers
1 year, 6 months ago
User reports falling for the phishing mail
upvoted 11 times
...
Sandon
1 year, 5 months ago
It does specify that
upvoted 6 times
hamchook
8 months, 2 weeks ago
You don't have to click a link to fall for a phishing email, you can reply to it with sensitive info not having clicked anything. I go with message gateway; I also did this kind of work and that's the first thing I would check (see the sender, check header info, check to see if that sender sent emails to anyone else to get ahead of it before anybody else falls for it)
upvoted 7 times
...
...
...
examcrammer
6 months, 3 weeks ago
DNS would only be useful if the link in the phishing email used a FQDN. If the link used an IP address, DNS is of no use.
upvoted 5 times
...
emd
8 months ago
ChatGPT: B. Message gateway. When a user reports falling for a phishing email, the analyst would first check the message gateway logs. The message gateway logs would provide information about the email's source, recipient, attachments, links, and any actions taken by the email security system. This information can help the analyst assess the nature of the phishing attempt, determine potential risks, and take appropriate actions to mitigate any potential security breaches.
upvoted 5 times
...
...
Imjusthere00
Most Recent 3 weeks, 3 days ago
Selected Answer: A
I would say DNS
upvoted 1 times
...
DrakeMallard
1 month, 1 week ago
Selected Answer: A
I'm leaning toward DNS because unless I'm mistaken Message Gateway is not in the objectives for the exam.
upvoted 2 times
...
kewokil120
2 months ago
Selected Answer: B
Email issue. Check Email logs. The closest option is Mail gateway and I would hope it would keep a log of that email for admin inspection. Ironport and o365 do this.
upvoted 1 times
...
[Removed]
2 months, 1 week ago
From all sources, I can gather it is either Authentication, Message Gateway, or DNS. Except for this site, DNS is out. I cannot find a straight correct answer. Chat GPT answers both, another site has the question listed twice with two different answers.
upvoted 1 times
...
Susan4041
2 months, 3 weeks ago
I have to say GPT does help at times but I have found it has been wrong as well. Please don't always trust it.
upvoted 2 times
...
klinkklonk
2 months, 3 weeks ago
Selected Answer: B
Message gateway. The message gateway logs would provide information about the incoming and outgoing emails, including details about the phishing email. It may include information about the sender, recipient, subject, attachments, and other relevant details related to the email's entry point into the organization's email system.
upvoted 2 times
...
thecheat97
4 months ago
The answer is authentication on the actual exam and prep exam
upvoted 1 times
kevgjo
3 months, 1 week ago
you sure about that
upvoted 2 times
...
...
Arpilir
4 months, 1 week ago
Selected Answer: B
Phishing emails don't always have to contain links. Sometimes an attacker would pretend to be someone who needs to verify an identity to update an account and the victim needs to reply with the requested information. DNS does not apply to that scenario. So to gain some context about the phishing attack, you have to check the email gateway first.
upvoted 3 times
...
Cloudninja117
4 months, 3 weeks ago
Selected Answer: A
check the logs for the dns
upvoted 1 times
...
ganymede
4 months, 3 weeks ago
Selected Answer: B
B. Message Gateway. At first I thought it was DNS, but upon further reflection I have decided that Message Gateway is the best answer. The first thing the security team will do is attempt to determine if this is a True Positive or False Positive. Many reports and alerts are False Positives. They are NOT going to just assume straight away that it is a True Positive. They are going to check and validate that. As part of that work they would likely check the mail logs to see if the mail logs can help them determine whether it is a True Positive or False Positive. Once they have confirmed it is a True Positive then they will want to confirm if and when the link was actually clicked. That is when they will look at DNS.
upvoted 4 times
...
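Added example, not part of any comment in this thread: a sketch of the triage order several commenters describe, starting from the reported message in the message gateway log, finding other recipients of the same sender, then checking DNS query logs for the linked hosts. Links that use an IP address are listed separately because DNS logs cannot show them. The log records, field names and addresses are constructed for illustration and do not follow any real product's schema.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample records; field names are assumptions, not a real product's schema.
GATEWAY_LOG = [
    {"id": "m1", "from": "billing@pay-example.test", "to": "alice@corp.example",
     "urls": ["http://login.pay-example.test/verify"]},
    {"id": "m2", "from": "billing@pay-example.test", "to": "bob@corp.example",
     "urls": ["http://203.0.113.7/verify"]},
    {"id": "m3", "from": "news@vendor.example", "to": "carol@corp.example", "urls": []},
]
# (client, queried name) pairs from a resolver query log, also constructed.
DNS_LOG = [
    ("10.0.0.21", "login.pay-example.test"),
    ("10.0.0.35", "intranet.corp.example"),
]

def split_hosts(urls):
    """Separate link hosts into DNS names and IP literals (invisible to DNS logs)."""
    names, literals = set(), set()
    for url in urls:
        host = urlsplit(url).hostname or ""
        try:
            ipaddress.ip_address(host)
            literals.add(host)
        except ValueError:
            if host:
                names.add(host.lower())
    return names, literals

def triage(reported_id, gateway_log, dns_log):
    """Start from the reported message, then pivot to other recipients and DNS."""
    reported = next(m for m in gateway_log if m["id"] == reported_id)
    campaign = [m for m in gateway_log if m["from"] == reported["from"]]
    names, literals = split_hosts(u for m in campaign for u in m["urls"])
    resolved = {}
    for client, qname in dns_log:
        key = qname.lower().rstrip(".")
        if key in names:
            resolved.setdefault(key, set()).add(client)
    return {
        "sender": reported["from"],
        "other_recipients": sorted(m["to"] for m in campaign if m["id"] != reported_id),
        "resolved_by": resolved,
        "ip_literal_links": sorted(literals),
    }

if __name__ == "__main__":
    print(triage("m1", GATEWAY_LOG, DNS_LOG))
```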
Jackwasblk
5 months ago
Selected Answer: B
This email gateway allows you to examine all of the communication, both inbound and outbound, of your network.
upvoted 1 times
...
DChilds
5 months, 2 weeks ago
Selected Answer: A
First action is to check DNS logs which will help in getting an understanding of what the potential compromise is and how best to contain it. THEN you check the message gateway and those findings go into your incident report.
upvoted 1 times
...
Only12go
6 months, 2 weeks ago
Selected Answer: B
When investigating a phishing incident, the analyst would typically check the Message gateway logs first. These logs often contain information about inbound and outbound email traffic, including details about emails that have been received, delivered, or blocked. By examining the message gateway logs, the analyst can gather valuable information about the phishing email, such as its source, destination, and any associated indicators of compromise (IOCs). This information can be crucial for understanding the scope of the incident and taking appropriate response actions.
upvoted 1 times
...
above
6 months, 2 weeks ago
Real life scenario here: https://blog.cloudflare.com/2022-07-sms-phishing-attacks/ Would point to DNS logs.
upvoted 2 times
...
Abbey2
7 months, 1 week ago
B. Message gateway. When a user falls for a phishing email, the first system logs an analyst should check are those related to the message gateway or email security gateway. These logs often contain information about the email, its source, and any actions taken by the gateway, such as quarantining suspicious emails or blocking known phishing attempts. Analyzing these logs can help in identifying the source of the phishing email and taking appropriate actions to mitigate the threat.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted