CompTIA Security+ (SY0-501) — Question 928

Many employees are receiving email messages similar to the one shown below:

From IT department -

To employee -

Subject email quota exceeded -
Pease click on the following link http:www.website.info/email.php?quota=1Gb and provide your username and password to increase your email quota. Upon reviewing other similar emails, the security administrator realized that all the phishing URLs have the following common elements; they all use HTTP, they all come from .info domains, and they all contain the same URI.
Which of the following should the security administrator configure on the corporate content filter to prevent users from accessing the phishing URL, while at the same time minimizing false positives?

Answer options

• A. BLOCK http://www.*.info/"
• B. DROP http://"website.info/email.php?*
• C. Redirect http://www,*. Info/email.php?quota=*TOhttp://company.com/corporate_polict.html
• D. DENY http://*.info/email.php?quota=1Gb

Correct answer: D

Explanation

The correct answer is D because it specifically denies access to the phishing URL that matches the identified pattern. Option A is too broad and might block legitimate websites, while option B does not cover all necessary cases. Option C redirects to a different page but does not prevent access to the malicious URL.