ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 52 discussion

Actual exam question from CompTIA's CS0-002
Question #: 52
Topic #: 1
[All CS0-002 Questions]

As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering?

  • A. Update the whitelist.
  • B. Develop a malware signature.
  • C. Sinkhole the domains.
  • D. Update the blacklist.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Laudy at Sept. 6, 2022, 9:16 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
amateurguy
Highly Voted 2 years, 9 months ago
Selected Answer: C
Sinkhole the domains would be best for INTELLIGENCE GATHERING but updating the blacklist would be the best way to prevent future issues. So i would assume Sinkhole is what they want.
upvoted 10 times
2Fish
2 years, 3 months ago
Agree. It took me a minute, but the verbiage INTELLIGENCE GATHERING leads me to think C.
upvoted 2 times
...
...
R00ted
Highly Voted 2 years, 9 months ago
Selected Answer: C
"intelligence gathering"
upvoted 6 times
...
RobV
Most Recent 1 year, 6 months ago
Selected Answer: C
C. Sinkhole the domains. In this scenario, sinkholing the domains would be the most appropriate configuration change for intelligence gathering. Sinkholing involves redirecting traffic from malicious domains to a controlled infrastructure, allowing security professionals to monitor and analyze the malicious activity without exposing the targeted individuals to actual threats. This helps in gathering intelligence on the tactics, techniques, and procedures (TTPs) of the potential threat actors. The other options, such as updating the whitelist, developing a malware signature, or updating the blacklist, are more focused on reactive measures and may not be as effective in gathering intelligence on the threat actors and their activities. Sinkholing, on the other hand, provides an opportunity for proactive intelligence gathering while protecting the targeted individuals from potential harm.
upvoted 1 times
...
novolyus
1 year, 7 months ago
Selected Answer: C
Like many others said "INTELLIGENCE GATHERING" are the keywords to choose C
upvoted 1 times
...
Hershey2025
1 year, 11 months ago
D is the correct answer... why sinkhole? You are not asked to investigate it further...it was already investigated by a trusted source.
upvoted 2 times
...
CyberNoob404
2 years, 5 months ago
Selected Answer: C
If you are trying to gather intelligence, you would Sinkhole. (C)
upvoted 2 times
...
f3lix
2 years, 6 months ago
Selected Answer: C
Just read this not too long - Sinkholing it is: [ C ]
upvoted 2 times
...
Laudy
2 years, 10 months ago
Selected Answer: C
"A sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them" https://www.wired.com/story/what-is-sinkholing/
upvoted 3 times
Laudy
2 years, 10 months ago
Key words are "intelligence gathering"
upvoted 2 times
...
...
Laudy
2 years, 10 months ago
D sounds right
upvoted 1 times
TheStudiousPeepz
2 years, 8 months ago
What did you score on the Cysa+ ?
upvoted 2 times
SolventCourseisSCAM
2 years, 8 months ago
she failed third time because of this question :D
upvoted 2 times
...
...
SolventCourseisSCAM
2 years, 8 months ago
this is the reason you failed three times, right :D
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel