nerdexam
EC-Council

312-50V9 · Question #372

First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?

The correct answer is C. Forward the message to your company's security response team and permanently delete the. A suspicious email from a known contact may signal a compromised account or phishing attempt and must be escalated to the security team, not handled individually.

Social Engineering

Question

First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?

Options

  • ADelete the email and pretend nothing happened.
  • BForward the message to your supervisor and ask for her opinion on how to handle the situation.
  • CForward the message to your company's security response team and permanently delete the
  • DReply to the sender and ask them for more information about the message contents.

How the community answered

(24 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    83% (20)
  • D
    8% (2)

Why each option

A suspicious email from a known contact may signal a compromised account or phishing attempt and must be escalated to the security team, not handled individually.

ADelete the email and pretend nothing happened.

Simply deleting the email without reporting it fails to initiate a security investigation and allows a potential threat to go unaddressed.

BForward the message to your supervisor and ask for her opinion on how to handle the situation.

Forwarding to a supervisor rather than the security team bypasses the people with technical authority and tools to properly analyze the threat.

CForward the message to your company's security response team and permanently delete theCorrect

Forwarding the suspicious email to the company's dedicated security response team enables trained professionals to investigate a potential phishing campaign or account compromise incident. Permanently deleting it after reporting ensures the malicious content is not accidentally re-opened and follows documented security incident response procedure.

DReply to the sender and ask them for more information about the message contents.

Replying to a potentially spoofed or compromised sender confirms your email address is active and may expose additional information to an attacker.

Concept tested: Phishing email incident response procedure

Source: https://www.cisa.gov/phishing

Topics

#phishing email#security awareness#incident response#social engineering defense

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice