CompTIA CySA+ (CS0-003) — Question 245
A SOC analyst wants to improve the proactive detection of malicious emails before they are delivered to the destination inbox. Which of the following is the best approach the SOC analyst can recommend?
Answer options
- A. Install UEBA software on the network.
- B. Validate and quarantine emails with invalid DKIM and SPF headers.
- C. Implement an EDR system on each endpoint.
- D. Deploy a DLP platform to block unauthorized and suspicious content.
Correct answer: B
Explanation
Option B is the correct answer because validating and quarantining emails with invalid DKIM and SPF headers directly targets the authenticity of the emails, helping to stop malicious ones before they are delivered. The other options, while useful in their own right, do not specifically address the proactive detection of malicious emails in transit.