nerdexam
EC-Council

312-50V11 · Question #717

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. Wha

The correct answer is A. Forward the message to your company's security response team and permanently delete the. A suspicious email with unusual characters from a known contact is a potential phishing or malware delivery attempt and must be reported to the security team, not handled informally.

Social Engineering

Question

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?

Options

  • AForward the message to your company's security response team and permanently delete the
  • BReply to the sender and ask them for more information about the message contents.
  • CDelete the email and pretend nothing happened.
  • DForward the message to your supervisor and ask for her opinion on how to handle the situation.

How the community answered

(23 responses)
  • A
    96% (22)
  • C
    4% (1)

Why each option

A suspicious email with unusual characters from a known contact is a potential phishing or malware delivery attempt and must be reported to the security team, not handled informally.

AForward the message to your company's security response team and permanently delete theCorrect

Forwarding the suspicious email to the security response team allows trained analysts to safely examine headers, links, and attachments for indicators of compromise. Permanently deleting the original afterward removes the threat from your mailbox while ensuring the security team retains the evidence they need for investigation and broader organizational response.

BReply to the sender and ask them for more information about the message contents.

Replying to a potentially spoofed or compromised sender confirms your email address is active, may trigger malicious content, and could expose you to further social engineering.

CDelete the email and pretend nothing happened.

Deleting without reporting denies the security team visibility into a potential active threat against the organization.

DForward the message to your supervisor and ask for her opinion on how to handle the situation.

A supervisor is unlikely to have the technical expertise to handle a potential security incident and is not the correct escalation path compared to a dedicated security response team.

Concept tested: Phishing incident response and security reporting procedure

Source: https://www.cisa.gov/sites/default/files/publications/Phishing_Guidance_508C.pdf

Topics

#phishing email#incident response#suspicious email handling#security awareness

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice