Exam CS0-002 topic 1 question 340 discussion

Actual exam question from CompTIA's CS0-002
Question #: 340
Topic #: 1

During an investigation, an analyst discovers the following rule in an executive’s email client:



The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?

  • A. Check the server logs to evaluate which emails were sent to .
  • B. Use the SIEM to correlate logging events from the email server and the domain server.
  • C. Remove the rule from the email client and change the password.
  • D. Recommend that the management team implement SPF and DKIM.
Suggested Answer: A

Comments

reidsel
Highly Voted 1 year, 11 months ago
In practice the first thing I did was always option C for this kind of email account being compromised incident. Or I would have been fired when the victim executive realized that those emails he received after I checked his email client were still delivered to the threat actor just because I was busy checking server logs and analyzing potential risk.
upvoted 6 times
Meowson
1 year, 11 months ago
Can't agree more
upvoted 1 times
...
...
novolyus
Most Recent 1 year, 5 months ago
Hey read the question please: "...do first to evaluate the potential impact". Evaluate impact means A
upvoted 1 times
...
kumax
1 year, 6 months ago
Selected Answer: C
ChatGPT: The first step the analyst should take is option C: Remove the rule from the email client and change the password. This action ensures that the rule no longer affects the executive's emails and prevents further misuse of the email account. Additionally, the analyst should further investigate the incident, but removing the unauthorized rule is the immediate priority to mitigate any potential impact. Option A, checking server logs, and Option B, using SIEM to correlate logs, can be part of the broader investigation but aren't the first steps to address the potential security incident. Option D, recommending SPF and DKIM, is related to email security measures but not the immediate response to the incident.
upvoted 1 times
TheStudiousPeepz
1 year, 5 months ago
Stop using chat GPT to answer these questions you plum.
upvoted 2 times
...
...
Saphi
1 year, 7 months ago
Selected Answer: A
Question isn't looking for a fix to the issue but an idea of what's been compromised. Answer is A.
upvoted 3 times
...
Dree_Dogg
1 year, 7 months ago
Selected Answer: A
...do first to EVALUATE the potential impact...
upvoted 1 times
...
johndoe69
1 year, 8 months ago
Selected Answer: C
Exec account compromised. Remove the rule and reset password.
upvoted 1 times
...
Sleezyglizzy
1 year, 9 months ago
A from the older dump
upvoted 1 times
...
Dutch012
1 year, 10 months ago
"to evaluate the potential impact" so I think it's A
upvoted 4 times
kill_chain
1 year, 9 months ago
missed that part... Agree A, the answer is in the question.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted