Exam CS0-002 topic 1 question 304 discussion

Actual exam question from CompTIA's CS0-002
Question #: 304
Topic #: 1

A security analyst is investigating a reported phishing attempt that was received by many users throughout the company. The text of one of the emails is shown below:



Office 365 User,

It looks like your account has been locked out. Please click this http://accountfix-office356.com/login.php and follow the prompts to restore access.
Regards,

Security Team -

Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but it does log network flow data. Which of the following commands will the analyst most likely execute NEXT?

  • A. telnet off1ce365.com 25
  • B. tracert 122.167.40.119
  • C. curl http://accountfix-office356.com/login.php
  • D. nslookup accountfix-office356.com
Suggested Answer: D

Comments

gnnggnnggnng
Highly Voted 2 years, 3 months ago
Selected Answer: D
A security analyst is likely to execute the command nslookup accountfix-office356.com next to resolve the domain name to an IP address and find out more information about the domain in question. This is because the email received by many users is a phishing attempt and the analyst wants to identify the source of the email and determine whether the website the email is directing users to is malicious or not. By using the nslookup command, the analyst can identify the authoritative DNS server for the domain and retrieve the IP address associated with it.
upvoted 10 times
...
novolyus
Most Recent 1 year, 5 months ago
Selected Answer: D
A tracert for what reason?
upvoted 1 times
...
karpal
1 year, 10 months ago
Selected Answer: D
As another user mentioned, his logic is good. The analyst needs to look into the netflow logs to see if any user clicked on that malicious domain from the email body. To do this he needs the IP address of that domain. The way is using nslookup to find out the IP address and then look it up in the netflow logs.
upvoted 1 times
...
respect9602
1 year, 11 months ago
Selected Answer: B
The originating email domain is off1ce365.com from 122.167.40.119. Take note of the misspelling "1" for "i" and "365" instead of "356". What good is it to curl or nslookup a different domain than off1ce365.com? A and B are out. Telnet 122.167.40.119 is out. tracert 122.167.40.119 will help identify the server hosting the phishing email.
upvoted 1 times
...
JoInn
2 years ago
Selected Answer: B
Why would anyone do an nslookup if DNS records are not kept? It specifically mentions that AND that we are looking for how to get flow information. Obviously tracert.
upvoted 3 times
Meowson
2 years ago
Ya, I'm thinking the same as you.
upvoted 1 times
...
thenewpcgamer
2 years ago
DNS REQUESTS AREN'T LOGGED. That doesn't mean that DNS records don't exist. Since there are no DNS logs, you would do an nslookup which would provide you with an IP address for the domain in real time... this info is not pulled from logs. With the IP known now we could refer to the network flow logs and verify if any connection attempts have been made to the questionable domain.
upvoted 3 times
...
...
opem
2 years, 1 month ago
Selected Answer: D
https://www.examtopics.com/discussions/comptia/view/71122-exam-cs0-002-topic-1-question-268-discussion/
upvoted 2 times
2Fish
2 years, 1 month ago
Agree. A and B are out for sure, and I'm probably not going to run that curl command since the site is in question.
upvoted 1 times
...
...
db97
2 years, 2 months ago
D. With the nslookup, they will grab the IP address of the phishing domain and then the security analyst will be able to correlate with the netflow data.
upvoted 2 times
...
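The nslookup-then-netflow correlation that the answers choosing D describe, as an added example that is not part of the original discussion. The resolved address, the internal range, the CSV column names and the flow records are all constructed assumptions; a real export from your flow collector will have its own field layout.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed stand-in for the address nslookup returns for the phishing
# domain (documentation range, not a real lookup result).
RESOLVED_IPS = {"203.0.113.25"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range

# Constructed flow export: start time, source, destination, dest port, proto, bytes.
SAMPLE_FLOWS = """start,src,dst,dport,proto,bytes
2023-03-01T09:14:02Z,10.1.4.22,203.0.113.25,80,tcp,18234
2023-03-01T09:14:05Z,10.1.4.22,198.51.100.7,443,tcp,5120
2023-03-01T09:20:41Z,10.2.9.130,203.0.113.25,80,tcp,912
2023-03-01T09:21:10Z,203.0.113.25,10.2.9.130,51544,tcp,40211
2023-03-01T10:02:33Z,10.1.4.22,203.0.113.25,80,tcp,2048
2023-03-01T10:05:00Z,10.3.0.8,192.0.2.55,53,udp,120
"""

def hosts_that_contacted(flow_csv, resolved_ips, internal_net=INTERNAL_NET):
    """Return {internal_ip: summary} for flows sent to any resolved address."""
    targets = {ipaddress.ip_address(ip) for ip in resolved_ips}
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "first_seen": None, "ports": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            nbytes, dport = int(row["bytes"]), int(row["dport"])
        except (ValueError, TypeError):
            continue  # skip malformed records instead of aborting the hunt
        # Client-to-server direction only: internal source, suspect destination.
        if dst not in targets or src not in internal_net:
            continue
        entry = hits[str(src)]
        entry["flows"] += 1
        entry["bytes"] += nbytes
        entry["ports"].add(dport)
        # ISO 8601 UTC timestamps sort lexicographically.
        if entry["first_seen"] is None or row["start"] < entry["first_seen"]:
            entry["first_seen"] = row["start"]
    return dict(hits)

if __name__ == "__main__":
    for host, info in sorted(hosts_that_contacted(SAMPLE_FLOWS, RESOLVED_IPS).items()):
        print(host, info["first_seen"], info["flows"], "flows", info["bytes"], "bytes",
              sorted(info["ports"]))
```

Flow records carry no hostname, so an address on shared hosting or a CDN can match traffic to unrelated sites; treat the hits as a list of hosts to follow up on. Record the lookup result with a timestamp, since the domain may resolve to a different address later.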
Community vote distribution: A (35%), C (25%), B (20%), Other