A security architect wants to configure a mail server so it maintains an updated list of IoCs and blocks known-malicious incoming emails. Which of the following will the security architect most likely need for this task? (Select two)
To keep the mail server up to date with indicators of compromise (IoCs) and block known-malicious emails, the security architect needs mechanisms to ingest new threat intelligence and apply it dynamically. The best solutions are:
Threat Feed API (B): This provides automated updates from external or commercial threat intelligence providers. By integrating a threat feed, the mail server can regularly fetch IoCs such as malicious domains, IPs, or attachment hashes.
Webhooks (D): These allow real-time or near real-time updates when new IoCs are published. Instead of waiting for scheduled pulls, the mail server can receive push notifications with updated indicators, ensuring rapid response to evolving threats.
Other options are less effective. Log analyzers (A) assist with monitoring but don’t actively update or block threats. A scheduled task (C) may automate local operations but lacks the external intelligence integration required. Inbox deletion code (E) is reactive and inefficient. A security runbook (F) defines processes but does not technically enable automated updates.
Thus, the combination of Threat Feed APIs and Webhooks provides continuous, automated IoC ingestion, reducing exposure to malicious email campaigns.
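As an added example (not part of the original question or answer), a minimal Python model of the two mechanisms the answer describes: a scheduled pull from a threat-feed API and a webhook push both feed one normalized, expiry-aware IoC blocklist that each inbound message is checked against by sender domain, connecting IP and attachment hash. The JSON layouts, sample indicators and the IocBlocklist class are constructed for illustration, not any vendor's format.

```python
import hashlib
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample of a threat-feed API response (hypothetical JSON layout, not a real vendor's).
FEED_RESPONSE = json.dumps({"indicators": [
    {"type": "domain", "value": "Bad-Sender.example.", "expires": "2099-01-01T00:00:00Z"},
    {"type": "ipv4", "value": "192.0.2.10", "expires": "2099-01-01T00:00:00Z"},
    {"type": "domain", "value": "old-campaign.example", "expires": "2000-01-01T00:00:00Z"},  # expired
]})
# Constructed sample of a webhook push announcing one new malicious attachment hash.
WEBHOOK_EVENT = json.dumps({"type": "sha256", "expires": "2099-01-01T00:00:00Z",
                            "value": hashlib.sha256(b"constructed malicious macro").hexdigest().upper()})


class IocBlocklist:
    def __init__(self):
        self.indicators = {}  # (type, normalized value) -> expiry as an aware datetime

    @staticmethod
    def _normalize(kind, value):
        # Feeds disagree on case and trailing dots; normalize so lookups are exact-match.
        if kind == "ipv4":
            return str(ipaddress.ip_address(value.strip()))
        return value.strip().lower().rstrip(".")

    def add(self, ioc):
        expires = datetime.fromisoformat(ioc["expires"].replace("Z", "+00:00"))
        self.indicators[(ioc["type"], self._normalize(ioc["type"], ioc["value"]))] = expires

    def ingest_feed(self, body):  # scheduled pull from the threat feed API
        for ioc in json.loads(body)["indicators"]:
            self.add(ioc)

    def ingest_webhook(self, body):  # push notification carrying a single indicator
        self.add(json.loads(body))

    def _active(self, kind, value, now):
        exp = self.indicators.get((kind, self._normalize(kind, value)))
        return exp is not None and exp > now  # stale IoCs stay stored but never match

    def should_block(self, sender, client_ip, attachments, now=None):
        # Returns the matching IoC type for an inbound message, or None to deliver it.
        now = now or datetime.now(timezone.utc)
        if self._active("domain", sender.rsplit("@", 1)[-1], now):
            return "domain"
        if self._active("ipv4", client_ip, now):
            return "ipv4"
        for data in attachments:
            if self._active("sha256", hashlib.sha256(data).hexdigest(), now):
                return "sha256"
        return None
```

A real deployment would persist the store and run `ingest_feed` on a timer while an HTTP endpoint hands webhook bodies to `ingest_webhook`; the matching logic stays the same.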