300-215 · Question #46
The correct answer is C: Find any other emails coming from the IP address ranges that are managed by XYZCloud.
Question
A threat intelligence report identifies an outbreak of a new ransomware strain spreading via phishing emails that contain malicious URLs. A compromised cloud service provider, XYZCloud, is managing the SMTP servers that are sending the phishing emails. A security analyst reviews the potential phishing emails and identifies that the email is coming from XYZCloud. The user has not clicked the embedded malicious URL. What is the next step that the security analyst should take to identify risk to the organization?
Options
- A. Reset the reporting user's account and enable multifactor authentication.
- B. Create a detailed incident report and share it with top management.
- C. Find any other emails coming from the IP address ranges that are managed by XYZCloud.
- D. Delete email from user mailboxes and update the incident ticket with lessons learned.
Explanation
By querying your mail logs for all messages from those XYZCloud–managed IP ranges, you can determine how many users received the phishing URLs and gauge the organization’s exposure before any clicks occurred.