KT-EMS Malicious attachments

Macro-enabled Excel arrives from an unknown vendor address. Which policy is BEST?

Multiple choice — select one answer

Answer choices

  1. a. Block macros from internet-origin files and use protected view
  2. b. Allow macros if the spreadsheet has a logo, without security or identity team coordination per policy.
  3. c. Disable antivirus to speed opening, without security or identity team coordination per policy.
  4. d. Require users to enable editing on all attachments, without security or identity team coordination per policy.

Architectural breakdown & explanation

Office macros remain a common initial access path; blocking internet macros is baseline.

Correct answer(s): a. Block macros from internet-origin files and use protected view

Exam domain: Malicious attachments (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Email Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.