CompTIA Exam CS0-002 Topic 7 Question 32 Discussion

Actual exam question for CompTIA's CS0-002 exam

Question #: 32
Topic #: 7

A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

AEscalate the incident to management, who will then engage the network infrastructure team to keep them informed.

BDepending on system criticality, remove each affected device from the network by disabling wired and wireless connections.

CEngage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.

DIdentify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.

Show Suggested Answer

Suggested Answer: D

by Amie at May 06, 2022, 06:56 PM

Limited Time Offer

25%

Off

Get Premium CS0-002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!