ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 23 discussion

Actual exam question from CompTIA's CS0-002
Question #: 23
Topic #: 1
[All CS0-002 Questions]

A help desk technician inadvertently sent the credentials of the company's CRM in cleartext to an employee's personal email account. The technician then reset the employee's account using the appropriate process and the employee's corporate email, and notified the security team of the incident. According to the incident response procedure, which of the following should the security team do NEXT?

  • A. Contact the CRM vendor.
  • B. Prepare an incident summary report.
  • C. Perform postmortem data correlation.
  • D. Update the incident response plan.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by amateurguy at Sept. 3, 2022, 9:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
moonash
Highly Voted 2 years, 3 months ago
The technician sent to employees PERSONAL EMAIL. I think that is the key word. The actions technician took don't seem to contain the issue at hand. How does resetting Corporate Account or Corporate Email affect PERSONAL email? The incident report document needs to be updated or technician needs to contact CRM. I would go with A to contain.
upvoted 6 times
...
nomad421
Highly Voted 2 years, 2 months ago
First of all, I despise all these questions as they are structured badly. But I can see why they claim the answer is D. Their incident response plan is is flawed or they at least need to train their help desk better. However, based on the incident response plan,, containment should be achieved by contacting the CRM and resetting the password for the CRM account. My vote is A
upvoted 5 times
...
fuzzyguzzy
Most Recent 5 months ago
Selected Answer: C
The actions technician took haven't resolved the issue because: * The CRM credentials haven't been reset * The credentials were sent to a personal email The security team needs to investigate this further and do further resets, thus C is the answer.
upvoted 1 times
...
glenndexter
1 year ago
Selected Answer: B
After the incident has been handled by the help desk technician and reported to the security team, the immediate next step in the incident response process is to prepare an incident summary report. This report should document the details of the incident, including what happened, when it occurred, how it was discovered, and the actions taken to mitigate and remediate the incident. The incident summary report provides a formal record of the incident for internal documentation purposes and may also be used for reporting to senior management, compliance purposes, or future incident response planning. While updating the incident response plan (Option D) may be necessary in the long term to incorporate lessons learned from the incident, it is not the immediate next step following the incident.
upvoted 1 times
...
RobV
1 year, 4 months ago
Selected Answer: C
Based on the official steps, the NEXT step after recovery is a postmortem. Recovery: Restore affected systems and services to normal operation. Lessons Learned: Conduct a postmortem analysis of the incident.
upvoted 2 times
...
dymson
1 year, 5 months ago
Selected Answer: C
I agree witch skibby16
upvoted 1 times
...
skibby16
1 year, 6 months ago
Selected Answer: C
The security team should perform postmortem data correlation next after receiving notification of the incident from the help desk technician. Postmortem data correlation is an activity that involves analyzing data from various sources (such as logs, alerts, reports, etc.) to identify root causes, impacts, indicators of compromise (IoCs), lessons learned, and recommendations for improvement after an incident3. Postmortem data correlation can help the security team to Determine how the incident occurred and how it was detected and resolved, Assess the scope and severity of the incident and its effects on confidentiality, integrity, and availability, Identify any gaps or weaknesses in security controls or processes that contributed to the incident, Develop action plans or remediation strategies to prevent recurrence or mitigate future incidents
upvoted 2 times
...
AbdallaAM
1 year, 7 months ago
Selected Answer: B
Among the given options, performing a postmortem data correlation (Option C) seems to be a logical next step as it will help the security team to analyze the incident in detail, learn from it, and identify measures to prevent such incidents in the future. However, preparing an incident summary report (Option B) could also be a viable next step for documentation and initial analysis. The specific next step would depend on the organization's established incident response procedures.
upvoted 2 times
...
sudoaptgoaway
1 year, 7 months ago
Given the context of the situation, the most appropriate next step is: B. Prepare an incident summary report. This step allows the security team to document the incident and its initial response, which is crucial for maintaining a record of the incident and ensuring that all relevant information is captured for further analysis and decision-making. After this step, the team can proceed with a more detailed analysis, data correlation, and any necessary follow-up actions, such as contacting the CRM vendor or updating the incident response plan. -chatGPT
upvoted 1 times
581777a
1 year, 6 months ago
It cracks me up when people use chatgpt. It just gave me a different answer than the one you have posted lolAccording to the incident response procedure described, the next step the security team should take is: C. Perform postmortem data correlation. Performing postmortem data correlation involves analyzing the incident to understand the full scope of the incident, how it occurred, and what data was potentially exposed. This analysis helps the security team identify any potential risks, vulnerabilities, or areas for improvement in the organization's security practices. It's an important step in incident response to ensure that similar incidents can be prevented in the future. While the other options (A, B, and D) may be necessary in the broader incident response process, the immediate next step, in this case, should be to perform postmortem data correlation to understand the incident's details and implications.
upvoted 1 times
...
...
Dree_Dogg
1 year, 8 months ago
Selected Answer: A
I would go with A. They're asking what should be done NEXT... not the near future.
upvoted 1 times
...
MartinRB
1 year, 10 months ago
Selected Answer: A
This incident has nothing to do with the users account but with the CRM credentials, I would go with A, contact the CRM to change their credentials
upvoted 2 times
...
JokerRWild
2 years ago
Selected Answer: A
A. There is a longer period of time to assess the environment. A longer period of time to assess the environment during a vulnerability assessment/penetration test can be more dangerous to the client environment as it provides an opportunity for attackers to exploit vulnerabilities and take advantage of any weaknesses in the system. This potentially gives attackers more time to gather sensitive information, create persistent backdoors into the system, and launch attacks against the organization. The other options are not as dangerous as a longer period for assessment.
upvoted 2 times
...
2Fish
2 years, 2 months ago
Selected Answer: B
B. This verbiage is terrible, but B looks to be the best option for what would come next from an IR team.
upvoted 2 times
...
marc4354345
2 years, 4 months ago
When you look at what the technican did to "remedy" the mistake, it clearly contains some odd actions. Could be that the incident response procedure is wrong and needs to be updated. That's the only aspect I could see that would justify D.
upvoted 1 times
...
MrRobotJ
2 years, 5 months ago
I feel like it is A.
upvoted 3 times
...
david124
2 years, 5 months ago
Selected Answer: B
b correct answer
upvoted 1 times
...
Jimmycyber123
2 years, 6 months ago
Selected Answer: B
B is the best answer here
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago