CompTIA Cloud Essentials+ (CLO-002) — Question 45

An incident response team requires documentation for an email phishing campaign against a company's email server. Which of the following is the BEST resource to use to start the investigation?

Answer options

• A. Audit and system logs
• B. Change management procedures
• C. Departmental policies
• D. Standard operating procedures

Correct answer: A

Explanation

The best resource to start the investigation is the Audit and system logs, as they provide detailed records of email activities and can reveal evidence of the phishing attack. Change management procedures, departmental policies, and standard operating procedures are not specifically designed for tracking email incidents and would not provide the necessary details to investigate the phishing campaign.