Cisco
350-201 · Question #29
350-201 Question #29: Real Exam Question with Answer & Explanation
Sign in or unlock 350-201 to reveal the answer and full explanation for question #29. The question stem and answer options stay visible for context.
Question
A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?
Options
- ARun and analyze the DLP Incident Summary Report from the Email Security Appliance
- BAsk the company to execute the payload for real time analysis
- CInvestigate further in open source repositories using YARA to find matches
- DObtain a copy of the file for detonation in a sandbox
Unlock 350-201 to see the answer
You've previewed enough free 350-201 questions. Unlock 350-201 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.