
Exam CS0-002 topic 1 question 118 discussion

Actual exam question from CompTIA's CS0-002
Question #: 118
Topic #: 1

In SIEM software, a security analyst detected some changes to hash signatures from monitored files during the night followed by SMB brute-force attacks against the file servers. Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise?

  • A. Fully segregate the affected servers physically in a network segment, apart from the production network.
  • B. Collect the network traffic during the day to understand if the same activity is also occurring during business hours.
  • C. Check the hash signatures, comparing them with malware databases to verify if the files are infected.
  • D. Collect all the files that have changed and compare them with the previous baseline.
Suggested Answer: A

Comments

novolyus
1 year, 7 months ago
Don't you realize that it is nonsense to remove the servers PHYSICALLY in order to add them to another network segment to isolate them?
upvoted 1 times
kyky
2 years ago
Selected Answer: D
D. Collect all the files that have changed and compare them with the previous baseline. By collecting the files that have changed and comparing them with the previous baseline, you can identify any unauthorized modifications or potential compromises. This step helps in understanding the nature of the changes and determining if they are malicious or not. It allows you to assess the scope and impact of the incident.
upvoted 1 times
kyky
2 years ago
Once you have identified the modified files, you can analyze them for any signs of malware or suspicious activity. This may involve scanning the files using antivirus software, checking their hash signatures against known malware databases, or performing deeper analysis to detect any indicators of compromise.
upvoted 1 times
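The check kyky describes (collect the changed files and compare them with the previous baseline) in working form. This is an added example, not code from any comment in this thread; the share layout, file names and contents are constructed for the demo, and the baseline is kept as JSON in a separate directory, which stands in for a protected store on another host.

```python
"""Added example (not from the thread): compare current file hashes on a
share against a stored baseline, the step described in option D.

Everything under the demo share is constructed for this illustration."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files on a file server
    never need to be read into memory in one piece."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (path relative to root, POSIX
    separators) to its SHA-256 hex digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare_with_baseline(root: Path, baseline: dict) -> dict:
    """Return the files that changed, appeared or disappeared since the baseline.

    'changed' is what a SIEM hash-change alert points to. 'new' and 'missing'
    are reported as well: a dropped file or a deleted log is not a hash change
    and would not trigger that alert on its own, but it belongs in the same
    triage."""
    current = build_baseline(root)
    return {
        "changed": sorted(f for f in current if f in baseline and current[f] != baseline[f]),
        "new": sorted(f for f in current if f not in baseline),
        "missing": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a share, then modify, add and delete
    files the way an intruder might, and compare against the snapshot."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "share"       # constructed stand-in for the file server share
        store = Path(tmp) / "store"       # constructed stand-in for the baseline store
        (share / "finance").mkdir(parents=True)
        store.mkdir()
        (share / "finance" / "q3.xlsx").write_bytes(b"original spreadsheet bytes")
        (share / "readme.txt").write_bytes(b"share readme")
        (share / "old.log").write_bytes(b"rotated log")

        # Take the baseline while the share is known good and persist it.
        baseline_file = store / "baseline.json"
        baseline_file.write_text(json.dumps(build_baseline(share), indent=2))

        # Overnight activity: one file altered, one tool dropped, one log removed.
        (share / "finance" / "q3.xlsx").write_bytes(b"tampered spreadsheet bytes")
        (share / "finance" / "update.exe").write_bytes(b"MZ placeholder")
        (share / "old.log").unlink()

        # Next morning: reload the stored baseline and diff the share against it.
        baseline = json.loads(baseline_file.read_text())
        return compare_with_baseline(share, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The report separates the three cases because they call for different follow-up: a changed file is what you hand to the malware-hash check in option C, a new executable on a share is worth pulling for analysis on its own, and a missing file may be the only trace of log tampering.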
khrid4
2 years, 3 months ago
Selected Answer: A
We are talking about a file server that has clients/end-users who may be connecting to it. Answer A ensures that the users won't be able to access the possibly maliciously altered files, PREVENTING a more serious compromise.
upvoted 2 times
yolylight
2 years, 3 months ago
Selected Answer: C
First confirm that a compromise has occurred
upvoted 1 times
josephconer1
2 years, 3 months ago
They state it was brute force -- that's an IoC. Next step is to "prevent" any further damage AKA the answer can only be A.
upvoted 2 times
Mockento
2 years, 7 months ago
A - First to prevent
upvoted 2 times
2Fish
2 years, 3 months ago
Agree, first to prevent = contain the threat and segment/separate.
upvoted 1 times
sh4dali
2 years, 9 months ago
Selected Answer: A
"FIRST to prevent" I would say A too.
upvoted 1 times
amateurguy
2 years, 9 months ago
Selected Answer: A
A. should be done first to prevent more serious compromise.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted