CAS-003 Question #784: Real Exam Question with Answer & Explanation
The correct answer is A: Contact the security department at the business partner and alert them to the email event.
Question
Options
- A. Contact the security department at the business partner and alert them to the email event.
- B. Block the IP address for the business partner at the perimeter firewall.
- C. Pull the devices of the affected employees from the network in case they are infected with a
- D. Configure the email gateway to automatically quarantine all messages originating from the
Explanation
The emails contain no URLs or images, meaning there are no malicious links for employees to click and no embedded tracking pixels or malware. The emails appear to originate from a known, trusted business partner. The most likely scenario is that the business partner's email system has been compromised and is being used to send suspicious messages. The correct first step is to contact the security team at the business partner to alert them, so they can investigate and remediate their own compromise. Blocking the partner's IP (B) would disrupt legitimate business operations and is premature. Pulling employee devices (C) is unwarranted since no malicious content was delivered. Auto-quarantining all messages from the partner (D) is also premature and would interrupt business communications. Coordinating with the partner's security team is the appropriate, proportionate response.