ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 327 discussion

Actual exam question from CompTIA's CAS-004
Question #: 327
Topic #: 1
[All CAS-004 Questions]

An organization has just been breached, and the attacker is exfiltrating data from workstations. The security analyst validates this information with the firewall logs and must stop the activity immediately. Which of the following steps should the security analyst perform NEXT?

  • A. Determine what data is being stolen and change the folder permissions to read only.
  • B. Determine which users may have clicked on a malicious email link and suspend their accounts.
  • C. Determine where the data is being transmitted and create a block rule.
  • D. Determine if a user inadvertently installed malware from a USB drive and update antivirus definitions.
  • E. Determine if users have been notified to save their work and turn off their workstations.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by CXSSP at Sept. 10, 2023, 11:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
e020fdc
11 months, 2 weeks ago
Selected Answer: C
Stop the bleed! Blockblockblock
upvoted 3 times
...
32d799a
1 year, 3 months ago
Selected Answer: C
C. Determine where the data is being transmitted and create a block rule. By identifying where the data is being sent and blocking that destination at the firewall level, the security analyst can halt the ongoing exfiltration activity.
upvoted 3 times
...
CXSSP
1 year, 4 months ago
Selected Answer: C
C. Determine where the data is being transmitted and create a block rule. In a situation where an organization has been breached, and data is being exfiltrated from workstations, the immediate priority is to stop the ongoing data exfiltration. To achieve this, the security analyst should determine where the data is being transmitted to and create a firewall rule to block outbound traffic to that destination.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel