KT-EMS Malicious attachments

An invoice attachment is a password-protected ZIP containing a .lnk file. What is the SAFEST handling step?

Multiple choice — select one answer

Answer choices

  1. a. Rename the .lnk to .txt to neutralize it, without security or identity team coordination per policy.
  2. b. Ask the sender for the password in email reply, without security or identity team coordination per policy.
  3. c. Sandbox detonation in an isolated environment before any user execution
  4. d. Forward to finance to open on their desktop, without security or identity team coordination per policy.

Architectural breakdown & explanation

Password-protected archives bypass scanners; sandbox analysis avoids user execution risk.

Correct answer(s): c. Sandbox detonation in an isolated environment before any user execution

Exam domain: Malicious attachments (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Email Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.