Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 82
Employees receive an email from an executive within the organization that summarizes a recent security breach and requests that employees verify their credentials through a provided link. Several employees report the email as suspicious, and a security analyst is investigating the reports. Which two steps should the analyst take to begin this investigation? (Choose two.)
Answer options
- A. Evaluate the intrusion detection system alerts to determine the threat source and attack surface.
- B. Communicate with employees to determine who opened the link and isolate the affected assets.
- C. Examine the firewall and HIPS configuration to identify the exploited vulnerabilities and apply recommended mitigation.
- D. Review the mail server and proxy logs to identify the impact of a potential breach.
- E. Check the email header to identify the sender and analyze the link in an isolated environment.
Correct answer: D, E
Explanation
D and E are correct. Reviewing the mail server and proxy logs identifies the impact of a potential breach, and checking the email header identifies the sender while the link is analyzed in an isolated environment. Options A and C do not directly address the immediate concerns raised by the suspicious email, while B is more about employee engagement than technical investigation.