
Exam SY0-501 topic 1 question 73 discussion

Actual exam question from CompTIA's SY0-501
Question #: 73
Topic #: 1

An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?

  • A. Capture and document necessary information to assist in the response.
  • B. Request the user capture and provide a screenshot or recording of the symptoms.
  • C. Use a remote desktop client to collect and analyze the malware in real time.
  • D. Ask the user to back up files for later recovery.
Suggested Answer: A

Comments

Ales
Highly Voted 5 years, 9 months ago
Analogy: If you are not feeling good and go to the doctor, what does the doctor ask you FIRST? 1. What is wrong with you. 2. Your symptoms. 3. He writes down the info.
upvoted 23 times
bk45
5 years, 8 months ago
4. He asks you to come back later
upvoted 16 times
KTakahashi
Most Recent 4 years, 1 month ago
Answer: A. Step 2) Detection and Analysis = Step 2) Identification. Again, this step is similar for both NIST and SANS, but with different verbiage. At this point in the process, a security incident has been identified. This is where you go into research mode. Gather everything you can on the incident. Then analyze it. Determine the entry point and the breadth of the breach. This process is made substantially easier and faster if you've got all your security tools filtering into a single location. https://cybersecurity.att.com/blogs/security-essentials/incident-response-steps-comparison-guide
upvoted 1 times
annarae
4 years, 3 months ago
I thought D, but now I see that it is wrong, since the backup that would be created would already hold the malware.
upvoted 2 times
Guil
5 years, 1 month ago
Can't be B because you are requesting the USER, which could be riskier.
upvoted 1 times
MarySK
5 years ago
I don't think taking down information will hurt anyone. Besides, the attack has already happened.
upvoted 1 times
kdce
5 years, 1 month ago
A. Document and review symptoms to ID the malware.
upvoted 1 times
Selienk
5 years, 2 months ago
How do you know that the user is real? It may be a fake user. We need to verify him. Why not choose B?
upvoted 1 times
Tada2005
5 years, 11 months ago
A is the correct answer.
upvoted 2 times
Asmin
5 years, 11 months ago
explain plz
upvoted 1 times
nakres64
4 years, 5 months ago
The first principle: "Preparation: This phase occurs before an incident and provides guidance to personnel on how to respond to an incident."
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other