Register
Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains
184k views
0 votes
Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.

Which of the following would provide greater insight on the potential impact of this attempted attack?

A. Run an antivirus scan on the finance PC.
B. Use a protocol analyzer on the air-gapped PC.
C. Perform reverse engineering on the document.
D. Analyze network logs for unusual traffic.
E. Run a baseline analyzer against the user's computer.

User Kuklei
by
7.3k points

1 Answer

4 votes

Final answer:

To investigate the suspicious email's impact, the security team should perform reverse engineering on the document and analyze network logs.

Step-by-step explanation:

To gain greater insight on the potential impact of the suspicious email and included PDF file sent to Ann from the finance department, the most effective steps would be to both perform reverse engineering on the PDF document (option C) and to analyze network logs (option D) for any unusual traffic.

Reverse engineering the document can reveal the presence of any potential exploits embedded in the PDF, providing insight into what the exploit is designed to do and how it might affect the system should it be executed. Meanwhile, analyzing network logs could indicate if any data was exfiltrated or if the computer communicated with any known malicious servers, helping to determine if the attack was successful and the scope of the impact.

Running an antivirus scan (option A) could also help but might not detect a sophisticated attack, while a protocol analyzer on the air-gapped PC (option B) wouldn't provide information about the impact on the corporate network since the test PC is isolated. Lastly, running a baseline analyzer against the user's computer (option E) would help ascertain any changes made to the system settings or installed applications but wouldn't provide insights into what the malware was designed to do.

User Anderson Matos
by
7.0k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

8.8m questions

11.4m answers

Other Questions

“What does it mean when we “rework” copyrighted material?”
The book shows how to add and subtract binary and decimal numbers. However, other numbering systems are also very popular when dealing with computers. The octal (base 8) numbering system is one of these.
Seven basic internal components found in a computer tower
Please help me ! All you do is just put it it all in your own words ! Please this is for my reported card!i don't know how to put it in my own words because my English is not that good!
describe an advance in technology that makes life more enjoyable. what discoveries contribute to this technology?
Link Copied!