Question 159
Main Page
A user reports a suspected phishing email. What’s the most appropriate first step?
A. Delete the email immediately
B. Block the sender’s domain
C. Analyze the email and investigate for broader compromise
D. Suspend the user’s account
Answer: Analyze the email and investigate for broader compromise
Phishing reports should trigger analysis to determine scope and identify if others are affected.