A security analyst performs incident response activities after a recent security incident. They need to analyze a suspicious email attachment and verify the email's authentication to determine the attack's origin.
Which tool should the analyst utilize to accomplish these tasks?
Answer choices:
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Network Access Control (NAC)
Security Information and Event Management (SIEM)
Cuckoo Sandbox
Answered by GPT-5 mini (AI)
Security Information and Event Management (SIEM)
Reason: a SIEM aggregates email gateway and mail server logs (including SPF/DKIM/DMARC results) so you can verify message authentication and origin, and it can integrate with malware analysis tools (like Cuckoo Sandbox) or accept sandbox results to help analyze suspicious attachments and correlate indicators across your environment. DMARC only handles authentication, Cuckoo only handles sandboxing, and NAC is unrelated.
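Added example, not part of the answer above: a minimal sketch of the correlation the answer describes, parsing SPF/DKIM/DMARC results out of `Authentication-Results` header values in gateway events and joining them with sandbox verdicts on the attachment hash. The record layout, field names, sample data and severity rule are all assumptions constructed for illustration, not the schema of any particular SIEM or sandbox.

```python
import re
from hashlib import sha256

# All data below is constructed for illustration; field names are assumptions.
HASH_A = sha256(b"constructed sample attachment A").hexdigest()
HASH_B = sha256(b"constructed sample attachment B").hexdigest()

GATEWAY_EVENTS = [  # one record per message, as a mail gateway might log it
    {"msg_id": "m1", "attachment_sha256": HASH_A, "auth_results":
     "mx.example.net; spf=fail smtp.mailfrom=example.com; dkim=none; "
     "dmarc=fail header.from=example.com"},
    {"msg_id": "m2", "attachment_sha256": HASH_B, "auth_results":
     "mx.example.net; spf=pass smtp.mailfrom=example.org; "
     "dkim=pass header.d=example.org; dmarc=pass header.from=example.org"},
    {"msg_id": "m3", "attachment_sha256": None, "auth_results":
     "mx.example.net; spf=softfail smtp.mailfrom=example.com; dmarc=fail"},
]
SANDBOX_VERDICTS = [  # verdicts keyed by file hash, as a sandbox might report
    {"sha256": HASH_A, "verdict": "malicious"},
    {"sha256": HASH_B, "verdict": "clean"},
]

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")

def parse_auth_results(value):
    """Extract spf/dkim/dmarc results from an Authentication-Results value."""
    found = dict(METHOD_RE.findall(value.lower()))  # last result wins per method
    return {m: found.get(m, "none") for m in ("spf", "dkim", "dmarc")}

def correlate(events, verdicts):
    """Join gateway events with sandbox verdicts and assign a triage severity."""
    by_hash = {v["sha256"]: v["verdict"] for v in verdicts}
    alerts = []
    for ev in events:
        auth = parse_auth_results(ev["auth_results"])
        verdict = by_hash.get(ev["attachment_sha256"], "unknown")
        auth_failed = auth["dmarc"] != "pass"
        if verdict == "malicious" and auth_failed:
            severity = "high"      # bad file and unauthenticated sender
        elif verdict == "malicious" or auth_failed:
            severity = "medium"    # one signal only: needs analyst review
        else:
            severity = "low"
        alerts.append({"msg_id": ev["msg_id"], "auth": auth,
                       "verdict": verdict, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in correlate(GATEWAY_EVENTS, SANDBOX_VERDICTS):
        print(alert)
```

A message with no attachment gets the verdict `unknown`, so a DMARC failure alone still surfaces it for review.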