CompTIA Security+ (SY0-701) — Question 204
A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?
Answer options
- A. Create a blocklist for all subject lines.
- B. Send the dead domain to a DNS sinkhole.
- C. Quarantine all emails received and notify all employees.
- D. Block the URL shortener domain in the web proxy.
Correct answer: D
Explanation
The best step for the security team is to block the URL shortener domain in the web proxy, because every email in the flood relies on that shortener and blocking it prevents users from reaching the potentially malicious links. Creating a blocklist for subject lines (A) may not be effective since the subject lines are varied. Sending the dead domain to a DNS sinkhole (B) is not necessary if the domain is already inactive, and quarantining all emails (C) could disrupt normal operations without addressing the root issue.