Cisco
350-201 · Question #124
350-201 Question #124: Real Exam Question with Answer & Explanation
Sign in or unlock 350-201 to reveal the answer and full explanation for question #124. The question stem and answer options stay visible for context.
Processes
Question
Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)
Options
- AEvaluate the intrusion detection system alerts to determine the threat source and attack surface.
- BCommunicate with employees to determine who opened the link and isolate the affected assets.
- CExamine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply
- DReview the mail server and proxy logs to identify the impact of a potential breach.
- ECheck the email header to identify the sender and analyze the link in an isolated environment.
Unlock 350-201 to see the answer
You've previewed enough free 350-201 questions. Unlock 350-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#phishing#email investigation#proxy logs#social engineering