Exam CS0-003 topic 1 question 239 discussion

Actual exam question from CompTIA's CS0-003
Question #: 239
Topic #: 1

During an incident, a security analyst discovers a large amount of PII has been emailed externally from an employee to a public email address. The analyst finds that the external email is the employee’s personal email. Which of the following should the analyst recommend be done first?

  • A. Place a legal hold on the employee’s mailbox.
  • B. Enable filtering on the web proxy.
  • C. Disable the public email access with CASB.
  • D. Configure a deny rule on the firewall.
Suggested Answer: C

Comments

Jay2021aws
Highly Voted 9 months, 3 weeks ago
Recommending to place a legal hold on the employee's mailbox should be handled by legal or compliance departments rather than a security analyst. The security analyst's role would be more focused on identifying and containing the breach, gathering evidence, and analyzing the impact. Given the options, a more appropriate initial step would be to disable the public email access with CASB (Option C), as it would immediately prevent further data exfiltration and control the situation. This action helps to contain the breach and limit the exposure of sensitive data.
upvoted 15 times
39a1535
Highly Voted 6 months, 4 weeks ago
Selected Answer: C
C. This step helps contain the breach by immediately stopping further unauthorized transfers of PII to external email addresses.
upvoted 5 times
Only12go
Most Recent 1 month, 2 weeks ago
Selected Answer: A
✔️ Proper Sequence:
  • Escalate to Legal
  • Place a legal hold on the user’s mailbox and any other relevant data
  • Contain the threat with CASB, IAM, or other security tools
  • Begin full investigation and incident response
upvoted 1 times
Paradox_Walnut
2 months ago
Selected Answer: C
Didn't pick "C" due to CompTIA not mentioning anything regarding "Cloud", so I ignored the CASB option. Good on ya CompTIA.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other