CompTIA Security+ (SY0-601) — Question 136

A user forwarded a suspicious email to the security team. Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?

Answer options

• A. Configure the web content filter for the web address.
• B. Report the website to threat intelligence partners.
• C. Set the SIEM to alert for any activity to the web address.
• D. Send out a corporate communication to warn all users of the malicious email.

Correct answer: A

Explanation

The first step to block access to a malicious URL is to configure the web content filter for that specific web address, ensuring immediate protection for all users. Reporting the website to threat intelligence partners and setting SIEM alerts are important but would not prevent immediate access. Sending out a corporate communication is useful for awareness but does not provide a technical solution to block the URL.