CompTIA Security+ (SY0-601) — Question 520
A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?
Answer options
- A. Create a blocklist for all subject lines.
- B. Send the dead domain to a DNS sinkhole.
- C. Quarantine all emails received and notify all employees.
- D. Block the URL shortener domain in the web proxy.
Correct answer: B
Explanation
The best step is to send the dead domain to a DNS sinkhole. The destination domain is the one fixed element of the campaign: subject lines vary, recipients vary, and the URL shortener merely forwards to it. Adding the domain to the organization's internal resolver as a sinkhole entry redirects every lookup for it to an address the security team controls, so the link fails safely even if the attacker later activates the domain, and the resolver's logs show exactly which hosts followed the link and need follow-up. A blocklist of subject lines (A) cannot keep up with lines that differ from message to message. Quarantining all received mail and notifying every employee (C) is disruptive, does not address the root cause, and does nothing about the next wave. Blocking the URL shortener's domain in the web proxy (D) breaks legitimate shortened links, only covers traffic that passes through the proxy, and is bypassed as soon as the attacker switches to another shortener; it also never touches the destination domain itself.