
Exam CS0-002 topic 1 question 85 discussion

Actual exam question from CompTIA's CS0-002
Question #: 85
Topic #: 1

After an incident involving a phishing email, a security analyst reviews the following email access log:

Based on this information, which of the following accounts was MOST likely compromised?

  • A. CARLB
  • B. CINDYP
  • C. GILLIANO
  • D. ANDREAD
  • E. LAURAB
Suggested Answer: D

Comments

TKW36
Highly Voted 2 years, 3 months ago
Selected Answer: D
D. ANDREAD. The reason she was most likely compromised is because of her impossible travel time from Italy to USA and she was PERMITTED access both times. LauraB is not compromised because yes, while she did travel from England to USA in 45 seconds, one login attempt was DENIED! So it's safe to assume one was the REAL Laura and one was a bad actor logging in at about the same time.
upvoted 12 times
...
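The reasoning in the comment above, written as detection logic; this is an added example, not part of the original thread or the exam material. The log entries, timestamps, field layout and the two-hour window are constructed assumptions, since the question's log is not reproduced on this page.

```python
from datetime import datetime, timedelta

# Constructed sample entries for illustration (NOT the log from the exam question).
# Assumed layout: ISO timestamp, account, source country, result.
SAMPLE_LOG = """\
2024-03-01T08:00:10 CARLB USA PERMITTED
2024-03-01T08:02:00 CINDYP USA PERMITTED
2024-03-01T08:02:01 CINDYP CHINA DENIED
2024-03-01T08:05:00 LAURAB ENGLAND PERMITTED
2024-03-01T08:05:45 LAURAB USA DENIED
2024-03-01T08:10:00 ANDREAD ITALY PERMITTED
2024-03-01T09:15:00 ANDREAD USA PERMITTED
2024-03-01T09:20:00 GILLIANO USA PERMITTED
"""

def parse_log(text):
    """Turn the assumed four-column log into time-sorted tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, country, result = line.split()
        events.append((datetime.fromisoformat(ts), user, country, result))
    return sorted(events)

def triage(events, window=timedelta(hours=2)):
    """Flag accounts seen from two countries within `window` (assumed threshold).

    Two PERMITTED logins  -> "likely compromised" (both sessions got in).
    At least one DENIED   -> "blocked attempt" (someone tried, but was stopped).
    """
    by_user = {}
    for ev in events:
        by_user.setdefault(ev[1], []).append(ev)
    verdicts = {}
    for user, evs in by_user.items():
        for i, (t1, _, c1, r1) in enumerate(evs):
            for t2, _, c2, r2 in evs[i + 1:]:
                if c1 == c2 or t2 - t1 > window:
                    continue  # same country, or enough time to travel
                if r1 == r2 == "PERMITTED":
                    verdicts[user] = "likely compromised"
                else:
                    verdicts.setdefault(user, "blocked attempt")
    return verdicts

if __name__ == "__main__":
    for user, verdict in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{user}: {verdict}")
```
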
Lilik
Most Recent 8 months, 4 weeks ago
D is the correct answer due to the fact that the access was permitted 2 times from different locations.
upvoted 1 times
...
RobV
1 year, 4 months ago
Selected Answer: D
D. ANDREAD
upvoted 1 times
...
JimmyJams
1 year, 9 months ago
Selected Answer: B
If these are email 'access' logs from O365, I might expect to see users appear to connect from different regions depending on the resources that they are accessing, but I would not expect access attempts from CHINA if I was based in the west, which I am. CINDYP is seen accessing email from USA, which is permitted, then a second later seen logging in from CHINA, for which the access is DENIED. As a security analyst this would be the FIRST log entry I would query. Why are we seeing failed login attempts into CINDYP's account from CHINA?
upvoted 3 times
...
2Fish
2 years, 1 month ago
Selected Answer: D
D. For reasons already stated here.
upvoted 1 times
...
kabhatti
2 years, 4 months ago
I guess the chance of Andrea connecting to a corporate IP or a VPN is not part of the information provided in the question, eh
upvoted 2 times
...
maxi99
2 years, 7 months ago
1hr:05mins difference in time for Andread is an impossible travel time, hence the user is compromised.
upvoted 1 times
forklord72
2 years, 6 months ago
What about the 45 seconds it took LauraB to get from England to the U.S.? She was also denied her second attempt, what am I missing here?
upvoted 1 times
TheStudiousPeepz
2 years, 6 months ago
Laura was Denied on "her" second attempt. Real Laura was permitted, Fake Laura got denied.
upvoted 4 times
forklord72
2 years, 6 months ago
I see, makes sense. Dumb mistake on my part, thanks
upvoted 1 times
...
...
TheStudiousPeepz
2 years, 6 months ago
Andrea was Permitted on her second attempt, she wasn't denied.
upvoted 3 times
...
...
...
amateurguy
2 years, 8 months ago
Selected Answer: D
andread - D is the answer.
upvoted 2 times
...
Laudy
2 years, 8 months ago
1hr travel time to Italy? lol. Definitely D, ANDREAD.
upvoted 2 times
...