Certified Information Systems Security Professional (CISSP) — Question 190
An organization suspects it is receiving spoofed e-mails from a foreign-hosted web e-mail service. Where can the MOST relevant information be found to begin the process of identifying the perpetrator?
Answer options
- A. E-mail logs from foreign-hosted web server
- B. Message header of received e-mails
- C. Traffic logs from the corporate firewall
- D. Log files of the corporate Simple Mail Transfer Protocol (SMTP) server
Correct answer: B
Explanation
The message header of received emails contains critical information such as the sender's IP address and the path the email took to reach the recipient, making it the best starting point for identifying the perpetrator. While email logs and firewall traffic can provide useful context, they do not offer the direct evidence found in the message headers that can pinpoint the origin of the spoofed emails.