ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 96 discussion

Actual exam question from CompTIA's CAS-004
Question #: 96
Topic #: 1
[All CAS-004 Questions]

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.
Which of the following is the NEXT step of the incident response plan?

  • A. Remediation
  • B. Containment
  • C. Response
  • D. Recovery
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by EZPASS at Aug. 23, 2022, 3:13 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
imather
Highly Voted 10 months, 2 weeks ago
Preparation -> Detection -> Analysis -> Containment -> Eradication -> Recovery -> Lessons learned The SOC has been notified, so preparation and detection is complete. Analysis was done in identifying the file and the origin of attack. Next step is to contain.
upvoted 5 times
...
Luigismansion
Most Recent 10 months, 4 weeks ago
Selected Answer: B
Obviously next step is to contain the threat.
upvoted 1 times
...
BiteSize
11 months, 1 week ago
Selected Answer: B
Containment Steps for a CSIRT via NIST 800-53 1. Identify - what's on your network and vulnerabilities there are 2. Protect - Setup controls and mitigate them with technical controls (patching, segmentation, ACL's, least privilege) Setup administrative controls via Continous monitoring (CONMON) and processes Detect - Alert triggers via an event, triage to verify if false positive or true positive Respond - isolate (contain) the issue from spreading, remove the infection Recover - Restore systems, update lessons learned Source: https://www.nist.gov/cyberframework/online-learning/five-functions Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
upvoted 1 times
f7bc9da
1 month, 2 weeks ago
Answer is correct - just want to add the actual CSIRT steps outlined in CAS-004 (page 272 of fourth edition) 1. Preparation 2. Detection 3. Analysis 4. Containment 5. Recovery 6. Investigation and closure 7. Lessons learned
upvoted 1 times
...
...
g_
1 year, 3 months ago
Selected Answer: B
Containment
upvoted 2 times
...
practical_93
1 year, 6 months ago
Selected Answer: B
Next is to "Containment" the issue.
upvoted 3 times
...
EZPASS
1 year, 10 months ago
Selected Answer: B
'Containment' is correct.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel