ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 234 discussion

Actual exam question from CompTIA's CS0-003
Question #: 234
Topic #: 1
[All CS0-003 Questions]

A systems administrator notices unfamiliar directory names on a production server. The administrator reviews the directory listings and files, and then concludes the server has been compromised. Which of the following steps should the administrator take next?

  • A. Inform the internal incident response team.
  • B. Follow the company's incident response plan.
  • C. Review the lessons learned for the best approach.
  • D. Determine when the access started.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Myfeedins479 at Aug. 15, 2024, 5:14 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kinny4000
Highly Voted 10 months, 2 weeks ago
Selected Answer: B
Gotta follow the plan, when stuck, CompTIA always want you to select "follow the plan". Even if following the plan means A, B is more correct because there may be a specific protocol for how it is communicated to the IRT.
upvoted 9 times
...
ID77
Highly Voted 11 months ago
Selected Answer: B
I am going also with B. Informing the incident response team is part of the incident response plan.
upvoted 6 times
...
Freshly
Most Recent 9 months, 1 week ago
Selected Answer: B
If you have a system admin is considered a stakeholder and key leadership on a team. Yall system admin... They better know the response plan and refer to it.
upvoted 1 times
...
hashed_pony
10 months ago
Selected Answer: A
The network admin is not part of the security team. They don't know what the incident response plan is. All they can do is contact the security team. Then yes, the security team DOES KNOW what the incident response plan is and follow through with it.
upvoted 1 times
...
xplicit670
10 months, 2 weeks ago
Selected Answer: B
In my opinion, you always follow the company's incident plan
upvoted 2 times
...
TurboMor
11 months, 3 weeks ago
Selected Answer: A
Who detected the incident was a system administrator, not a member of the security team. For that reason, I would select option A, so that the entire team then can follow the incident response plan.
upvoted 3 times
hashed_pony
10 months ago
Exactly. Incident Response Plan is delegated to the security team. The network administrator probably has no idea what the steps are. The network admin has to do what's best in their stance: contact the security team.
upvoted 1 times
...
Jay2021aws
11 months, 2 weeks ago
While informing the incident response team is crucial, it is generally part of the larger process of following the incident response plan. = B
upvoted 3 times
SH_
11 months ago
Typically only members of the IRT can declare an incident. So if the sys admin can declare the incident, then they can follow the incident response plan as well. So I'll go with B.
upvoted 2 times
...
...
...
Myfeedins479
1 year ago
Selected Answer: A
Is it A? is it B? the world may never know! We're just gonna have to assume that the Sysadmin is on the incident response team and is trained/qualified to carry out the activities involved in incident response. Thanks CompTIA.
upvoted 3 times
voiddraco
1 year ago
it's B, always follow the document
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel