CompTIA CySA+ (CS0-002) — Question 272

While monitoring the information security notification mailbox, a security analyst notices several emails were reported as spam. Which of the following should the analyst do FIRST?

Answer options

• A. Block the sender in the email gateway.
• B. Delete the email from the company's email servers.
• C. Ask the sender to stop sending messages.
• D. Review the message in a secure environment.

Correct answer: D

Explanation

The correct initial action is to review the message in a secure environment to determine if it poses any real threat or if it can be safely ignored. Blocking the sender, deleting the email, or contacting the sender should only be done after assessing the content of the email to ensure that no malicious activity is overlooked.