CompTIA CASP+ (CAS-004) — Question 359
A security analyst is reviewing suspicious emails that were forwarded by users. Which of the following is the best method for the analyst to use when reviewing attachments that came with these emails?
Answer options
- A. Reverse engineering
- B. Protocol analysis
- C. Sandboxing
- D. Fuzz testing
- E. Steganography
Correct answer: C
Explanation
Sandboxing is the best method because it lets the analyst execute the attachments in a controlled environment and observe their behavior without putting the network at risk. Reverse engineering, protocol analysis, fuzz testing, and steganography do not offer the same level of safety or the same direct observation of how a potentially harmful attachment behaves.