Inspecting Suspicious Email from Corporate Server | Exam 220-1102

D.

In this scenario, Joe reports that his colleagues have received a suspicious email from his account that he did not send. The technician has ruled out email spoofing and verified that the email originated from the corporate email server. This indicates that Joe's email account may have been compromised, and unauthorized access has been gained to his email account. Therefore, the technician needs to take immediate steps to correct this issue to prevent further damage to Joe's email account and the corporate network.

The FIRST step the technician should take to correct this issue is to change the password on Joe's email account. Changing the password will prevent the unauthorized user from accessing Joe's email account and sending malicious emails from his account.

Once the password has been changed, the technician should also advise Joe to update his password regularly and choose a strong password that is not easily guessable. The technician should also check Joe's email settings to ensure that no suspicious forwarding rules or filters have been set up by the unauthorized user.

Although updating the antivirus and performing a full scan on Joe's PC can help identify and remove any malware or viruses that may have caused the email compromise, it should not be the first step in this scenario. It is important to first secure the email account by changing the password to prevent further damage.

Isolating Joe's computer from the network should also not be the first step as this action can disrupt Joe's work and may not be necessary if the email compromise was not caused by malware on his computer.

Finally, checking if Joe's email address has been blacklisted is also not the first step as this action is reactive rather than proactive. Changing the password is a proactive measure that prevents further unauthorized access to the email account.