Final answer:
The CISO should have the security analyst place the unexpected email attachment in a malware sandbox to determine its safety without risking the network or devices.
Step-by-step explanation:
To determine if the unexpected email attachment received by the CFO is safe, the CISO should instruct a security analyst to place the attachment in a malware sandbox. A malware sandbox is an isolated testing environment that allows users to execute and observe potentially malicious software without risk to the network or devices.
This is part of proactive cybersecurity measures to prevent potential threats from affecting organizational assets. Performing a code review or conducting a memory dump of the CFO’s PC are actions that could be taken post-infection to understand the cause or extent of an attack.
The proactive approach of utilizing a sandbox allows the analyst to safely analyze the behavior of the attachment and ensure that regular operations remain secure from potential threats.