Palo Alto Networks System Engineer – Cortex — Question 13
A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users.
What would be the appropriate next step in the playbook?
Answer options
- A. Email the CISO to advise that malicious email was found.
- B. Disable the user's email account.
- C. Email the user to confirm the reported email was phishing.
- D. Change the user's password.
Correct answer: C
Explanation
The correct answer is C, as confirming with the user helps to validate the phishing report and gather more information. Option A, while informative, does not address the immediate follow-up action needed. Option B is too extreme without further assessment, and option D does not directly relate to the phishing incident at this stage.