CompTIA Cloud+ (CV0-002) — Question 26

Several suspicious emails are being reported from end users. Organizational email is hosted by a SaaS provider. Upon investigation, the URL in the email links to a phishing site where users are prompted to enter their domain credentials to reset their passwords. Which of the following should the cloud administrator do to protect potential account compromise?

Answer options

• A. Forward the email to the systems team distribution list and provide the compromised user list.
• B. Click on the URL link to verify the website and enter false domain credentials.
• C. Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated.
• D. Notify users who received the email to reset their passwords regardless of whether they click on the URL.

Correct answer: D

Explanation

Option D is correct because it proactively addresses the potential risk by prompting users to secure their accounts. Options A and C do not directly prevent account compromise, while option B poses an additional risk by engaging with the phishing site.