Exam CS0-003 topic 1 question 263 discussion

Actual exam question from CompTIA's CS0-003
Question #: 263
Topic #: 1

A security analyst detects an email server that had been compromised in the internal network. Users have been reporting strange messages in their email inboxes and unusual network traffic. Which of the following incident response steps should be performed next?

  • A. Preparation
  • B. Validation
  • C. Containment
  • D. Eradication
Suggested Answer: C

Comments

gomet2000
Highly Voted 8 months, 3 weeks ago
Selected Answer: C
C. Containment
Explanation: Containment involves isolating the compromised system to prevent the attack from spreading further or causing more damage. In this case, containing the compromised email server would be crucial to stopping any further unauthorized access, spam, or malware distribution within the network.
upvoted 7 times
ChopSNap
Most Recent 5 months, 2 weeks ago
Selected Answer: C
Containment - always immediately follows after detection. Took my CASP and passed.
upvoted 1 times
luiiizsoares
6 months, 2 weeks ago
The one-liner observed in the SIEM alert indicates that the attacker is using PowerShell to download and execute a remote script from an external IP address.
  • rundll32.exe: A common Windows utility, often misused by attackers to execute arbitrary code.
  • JavaScript and ActiveXObject: The attacker uses this to execute commands on the system.
  • PowerShell: With parameters to avoid profile loading and disable execution policy (-ep bypass), allowing the execution of potentially untrusted scripts.
  • Download and execution of a script: The PowerShell Invoke-Expression (IEX) is used to download and run the script AccessToken.ps1 from an external IP.
Best description of the attacker’s intent: C. Attacker is executing PowerShell script “AccessToken.ps1”.
upvoted 1 times
TurboMor
8 months, 1 week ago
Selected Answer: C
The incident has already been detected and analyzed, so the next step is containment.
upvoted 2 times