CompTIA Security+ (SY0-601) — Question 770
A user reports to an analyst that they fell for a phishing email. Which of the following system logs would the analyst check FIRST?
Answer options
- A. DNS
- B. Message gateway
- C. Network
- D. Authentication
Correct answer: B
Explanation
The message gateway log should be checked first because it is specifically designed to handle and log email traffic, including phishing attempts. The other logs (DNS, network, and authentication) might not provide immediate insight into email-related threats.