An incident response team requires documentation for an email phishing campaign against a company's email server. Which of the following is the BEST resource to use to start the investigation?
An incident response team requires documentation for an email phishing campaign against a company's email server. Which of the following is the BEST resource to use to start the investigation?
Audit and system logs are the best resource to start the investigation for an email phishing campaign. These logs contain detailed records of activities and can help identify any suspicious or unauthorized access, providing crucial evidence to understand how the phishing attack occurred and its impact on the system.
D - Logs will give you the "documentation" the investigation will need. An SOP will not help provide any evidence of phishing...
A is the correct answer.
In my opinion the SOP is already considered means that inside the SOP there is a certain procedure on how to conduct and start the investigation, so that next is to go on Audits and Log tracings. Just my 2 cents.
Answer D is correct, because it should be part of Standard Operting Procedure