KT-EMS Phishing

Users report a Teams message with a QR code linking to a fake O365 login. Best containment?

Multiple choice — select one answer

Answer choices

  1. a. Disable Teams chat for all users until the next quarterly security training, without security or identity team coordination per policy.
  2. b. Forward the QR image to external researchers before taking internal action, without security or identity team coordination per policy.
  3. c. Remove messages org-wide, block the URL at proxy, and force password reset for submitters
  4. d. Ask users to scan the QR with personal phones to verify if it is malicious

Architectural breakdown & explanation

Quishing bypasses email filters; rapid takedown and credential resets limit harm.

Correct answer(s): c. Remove messages org-wide, block the URL at proxy, and force password reset for submitters

Exam domain: Phishing (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Email Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.