
Exam CS0-002 topic 1 question 86 discussion

Actual exam question from CompTIA's CS0-002
Question #: 86
Topic #: 1

An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?

  • A. Patching logs
  • B. Threat feed
  • C. Backup logs
  • D. Change requests
  • E. Data classification matrix

Suggested Answer: E

Comments

somsom
1 month, 2 weeks ago
D change request
upvoted 1 times
americaman80
1 month, 3 weeks ago
D is the correct answer. source: https://docs.bmc.com/docs/remedyforce/201702/en/overview-of-change-management-679715359.html
upvoted 1 times
I_heart_shuffle_girls
2 months, 4 weeks ago
E seems to be geared towards categories such as confidential, secret, top secret etc. D however would tell us if a new user was needed and was added. I chose D.
upvoted 3 times
Obi_Wan_Jacoby
2 months, 2 weeks ago
Agreed. D would tell us maybe the classification level of the data on the endpoint, but does not tell us why the user with root level permissions was created to begin with.
upvoted 3 times
Obi_Wan_Jacoby
2 months, 2 weeks ago
D is correct, E would tell us maybe the classification level of the data on the endpoint, but does not tell us why the user with root level permissions was created to begin with.
upvoted 3 times
btoopalow
2 months, 4 weeks ago
I thought D, to make sure it's not a legitimate root user
upvoted 3 times