A security administrator receives multiple reports about the same suspicious email. Which of the following is the most likely reason for the malicious email's continued delivery?
A. Employees are flagging legitimate emails as spam.
B. Information from reported emails is not being used to tune email filtering tools.
C. Employees are using shadow IT solutions for email.
D. Employees are forwarding personal emails to company email addresses.
If email filtering tools are not tuned based on reported emails, malicious emails will continue to bypass filters. Effective filtering depends on feedback and updating rules with real threat data.
Flagging legitimate emails (A) would cause false positives; shadow IT (C) and forwarding personal emails (D) are less relevant to the filtering bypass.
Tuning email filters is part of continuous Security Operations processes (CompTIA Security+ Study Guide, Chapter 14).