CompTIA CySA+ (CS0-003) — Question 366
A systems administrator receives several reports about emails containing phishing links. The hosting domain is always different, but the URL follows a specific pattern of characters.
Which of the following is the best way for the administrator to find more messages that were not reported?
Answer options
- A. Search email logs for a regular expression.
- B. Open a support ticket with the email hosting provider.
- C. Send a memo to all staff asking them to report suspicious emails.
- D. Query firewall logs for any traffic with a suspicious website.
Correct answer: A
Explanation
The correct answer is A. The hosting domain changes from message to message, but the URL follows a consistent pattern of characters, so a regular expression that matches that pattern lets the administrator efficiently search the email logs for every message carrying such a link, including those that were never reported. Options B and C are less proactive and would not provide immediate results, while option D focuses on network traffic rather than identifying specific emails in the logs.