Exam CS0-002 topic 1 question 86 discussion

Actual exam question from CompTIA's CS0-002

Question #: 86
Topic #: 1

An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?

A. Patching logs
B. Threat feed
C. Backup logs
D. Change requests
E. Data classification matrix

Show Suggested Answer

Suggested Answer: E

by btoopalow at Jan. 18, 2021, 9:28 a.m.

Comments

Submit Cancel

somsom

1 month, 2 weeks ago

D change request

upvoted 1 times

...

americaman80

1 month, 3 weeks ago

D is the correct answer. source: https://docs.bmc.com/docs/remedyforce/201702/en/overview-of-change-management-679715359.html

upvoted 1 times

...

I_heart_shuffle_girls

2 months, 4 weeks ago

E seems to be geared towards categories such as confidential, secret, top secret etc. D however would tell us if a new user was needed and was added. I chose D.

upvoted 3 times

Obi_Wan_Jacoby

2 months, 2 weeks ago

Agreed. D would tell us maybe the classification level of the data on the endpoint, but does not tell us why the user with root level permissions was created to begin with.

upvoted 3 times

Obi_Wan_Jacoby

2 months, 2 weeks ago

D is correct, E would tell us maybe the classification level of the data on the endpoint, but does not tell us why the user with root level permissions was created to begin with.

upvoted 3 times

...

btoopalow

2 months, 4 weeks ago

I thought D. to make sure its not a legitimate root user

upvoted 3 times

...

Exam CS0-002 topic 1 question 86 discussion

Comments

somsom

americaman80

I_heart_shuffle_girls

Obi_Wan_Jacoby

Obi_Wan_Jacoby

btoopalow

The 5 Most In-Demand Project Management Certifications of 2019

A Beginners Guide to SQL