🔥 3-day streak
CompTIA CySA+ (CS0-003)69 / 147
Question 69 of 147
A user forwards a suspicious email to the SOC. The message claims to be from the company's payroll provider and asks the recipient to log in via an included link. During analysis, the analyst reviews the raw email headers and notices the following: the 'From' header displays payroll@trustedvendor.com, but the SPF check result is 'softfail', the 'Return-Path' domain is mailer-3847.sendgrid-relay.ru, and DKIM shows 'none'. The Received chain originates from an IP not associated with the vendor's published mail infrastructure. Which conclusion is best supported by these indicators?
Reviewed for accuracy · Report an issueNext question