
CS0-002 Exam - Question 37


A security analyst inspects the header of an email that is presumed to be malicious and sees the following:

Which of the following is inconsistent with the rest of the header and should be treated as suspicious?

Correct Answer: B

The sender's email address is suspicious. The email header shows that the email was received from 'sonic306-20.navigator.mail.company.com', which does not correspond to the yahoo.com domain of the sender's email address ([email protected]). This inconsistency is a common indicator of email spoofing or other malicious activity.
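The comparison described in this explanation, as an added example that is not part of the original question or answer: it takes the sending host from the earliest Received header and compares its domain with the From domain. The sample header is constructed (addresses, IP and IDs are made up; only the host names sonic306-20.navigator.mail.company.com, mx.google.com and yahoo.com come from the page), and org_domain is a simplified helper assumed here.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample header; only the host names are taken from the page.
SAMPLE = """\
Delivered-To: recipient@gmail.com
Received: by 10.0.0.1 with SMTP id constructed1;
        Mon, 5 Sep 2022 10:00:02 -0700 (PDT)
Received: from sonic306-20.navigator.mail.company.com
        (sonic306-20.navigator.mail.company.com. [192.0.2.10])
        by mx.google.com with ESMTPS id constructed2
        for <recipient@gmail.com>; Mon, 5 Sep 2022 10:00:01 -0700 (PDT)
From: Sender <sender@yahoo.com>
To: recipient@gmail.com
Subject: constructed sample

body
"""

def org_domain(host):
    """Naive registrable domain: the last two labels.
    Assumption for this example; real tooling should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def relay_hosts(msg):
    """Return the 'from' host of each Received header, oldest hop first."""
    hosts = []
    # Received headers are prepended by each hop, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        m = re.match(r"\s*from\s+([A-Za-z0-9.-]+)", value)
        if m:  # internal hops that start with "by ..." carry no sending host
            hosts.append(m.group(1))
    return hosts

def check_sender(raw):
    """Compare the From domain with the domain of the first sending host."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = relay_hosts(msg)
    first_hop = hosts[0] if hosts else None
    mismatch = first_hop is not None and org_domain(first_hop) != org_domain(from_domain)
    return {"from_domain": from_domain, "first_hop": first_hop, "mismatch": mismatch}

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

A mismatch is an indicator to triage rather than proof, because legitimate senders also relay through third-party hosts; weigh it together with the SPF, DKIM and DMARC results recorded in the same header.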

Discussion

6 comments
Laudy (Option: B)
Sep 6, 2022

It's B, but it was sent by "sonic306-20.navigator.mail.company.com", not Yahoo. The Google server is to be expected since "to" is a gmail.com email. (It's like by-direction-of.) Just check your own Gmail headers.

anon0621 (Option: B)
Sep 5, 2022

The sender is Yahoo but the header indicates Google.

alayeluwa
Apr 10, 2023

The Google there is expected since it's sent to a Google mail; that's the delivery. It's the sonic address that does not correspond with the sender's Yahoo email.

amateurguy (Option: B)
Sep 9, 2022

I say B

R00ted (Option: B)
Oct 2, 2022

B is the correct answer

2Fish (Option: B)
Mar 9, 2023

B. The From and "received from" domains do not match.

sorinttt (Option: B)
May 22, 2023

Unbelievable, what a lack of attention on your part! Sonic306 is not an email address but a server through which the email passed. If you have Gmail, open an email and look in the header.
Received: from mail1.static.mailgun.info (mail1.static.mailgun.info. [104.130.122.1]) by mx.google.com with UTF8SMTPS id r9-20020a05622a034900b003f52c2fa74dsi4072172qtw.146.2023.05.22.09.48.04 for <[email protected]>