CompTIA CASP+ (CAS-003) — Question 319

An organization's Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO's inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?

Answer options

• A. Place it in a malware sandbox.
• B. Perform a code review of the attachment.
• C. Conduct a memory dump of the CFO's PC.
• D. Run a vulnerability scan on the email server.

Correct answer: A

Explanation

The correct approach is to place the attachment in a malware sandbox (A), which allows for safe analysis of the file in an isolated environment. A code review (B) may not effectively identify malicious content, a memory dump (C) is unrelated to the attachment itself, and a vulnerability scan on the email server (D) does not directly assess the safety of the specific attachment.