CompTIA CySA+ (CS0-003) — Question 47
A security analyst must review a suspicious email to determine its legitimacy. Which of the following should be performed? (Choose two.)
Answer options
- A. Evaluate scoring fields, such as Spam Confidence Level and Bulk Complaint Level
- B. Review the headers from the forwarded email
- C. Examine the recipient address field
- D. Review the Content-Type header
- E. Evaluate the HELO or EHLO string of the connecting email server
- F. Examine the SPF, DKIM, and DMARC fields from the original email
Correct answer: B, F
Explanation
Option B is correct because reviewing the headers can provide critical information about the email's origin and routing. Option F is also correct because examining the SPF, DKIM, and DMARC fields helps verify the email's authenticity and the sender's legitimacy. The other options may offer insights but are not as directly relevant to confirming the email's legitimacy.