
CompTIA Exam CS0-003 Topic 4 Question 34 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 34
Topic #: 4

A SOC receives several alerts indicating user accounts are connecting to the company's identity provider through non-secure communications. User credentials for accessing sensitive, business-critical systems could be exposed. Which of the following logs should the SOC use when determining malicious intent?

Suggested Answer: D

Intrusion Detection Systems (IDS) logs provide visibility into network traffic patterns and can help detect insecure or unusual connections. These logs show whether non-secure protocols were used in those connections, which is what puts the credentials at risk of exposure. According to CompTIA CySA+, IDS logs are essential for identifying malicious activity related to communications and network intrusions. Options like DNS (A) and tcpdump (B) provide network details, but IDS specifically monitors for intrusions and unusual activities relevant to security incidents.
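To make the suggested answer concrete, the following added example (not from the page or from CompTIA) parses a handful of constructed Suricata-style fast.log alert lines, keeps only alerts for non-secure authentication protocols aimed at the identity provider, and rolls them up by source host so an analyst can see which accounts or machines are repeatedly exposing credentials. The identity-provider addresses, signature IDs, and log lines are all constructed placeholders; the port-to-protocol table (80 for cleartext HTTP, 389 for cleartext LDAP) is an assumption about which protocols this environment treats as non-secure.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed Suricata-style fast.log lines (placeholders, not real alerts).
SAMPLE_IDS_LOG = """\
04/12/2024-09:14:02.113456  [**] [1:9000001:1] CLEARTEXT LDAP simple bind to identity provider [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 10.20.1.57:51022 -> 10.0.0.10:389
04/12/2024-09:14:05.220001  [**] [1:9000002:1] HTTP Basic auth to identity provider [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 10.20.1.57:51030 -> 10.0.0.11:80
04/12/2024-09:15:11.000123  [**] [1:9000003:1] TLS handshake to identity provider [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 10.20.2.14:44010 -> 10.0.0.11:443
04/12/2024-09:16:40.500000  [**] [1:9000001:1] CLEARTEXT LDAP simple bind to identity provider [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 10.20.1.57:51044 -> 10.0.0.10:389
"""

# Assumed identity-provider hosts (placeholder addresses).
IDP_HOSTS = {"10.0.0.10", "10.0.0.11"}

# Assumed non-secure authentication ports: cleartext HTTP and cleartext LDAP.
INSECURE_PORTS = {80: "http", 389: "ldap"}

# One regex for the fast.log one-line alert format.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\[Classification:\s+(?P<cls>[^\]]+)\]\s+"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_fast_log(text: str) -> list[Alert]:
    """Parse fast.log lines into Alert records; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line.strip())
        if not m:
            continue
        alerts.append(Alert(
            ts=m["ts"], sid=int(m["sid"]), msg=m["msg"], priority=int(m["prio"]),
            proto=m["proto"], src=m["src"], sport=int(m["sport"]),
            dst=m["dst"], dport=int(m["dport"]),
        ))
    return alerts


def find_insecure_idp_auth(alerts: list[Alert], idp_hosts: set[str]) -> list[Alert]:
    """Keep alerts whose destination is an IdP host on a non-secure auth port."""
    return [a for a in alerts if a.dst in idp_hosts and a.dport in INSECURE_PORTS]


def summarize_by_source(alerts: list[Alert]) -> dict[str, dict]:
    """Roll insecure alerts up per source host: hit count, IdP targets, protocols used."""
    summary: dict[str, dict] = defaultdict(lambda: {"count": 0, "targets": set(), "protocols": set()})
    for a in alerts:
        entry = summary[a.src]
        entry["count"] += 1
        entry["targets"].add(a.dst)
        entry["protocols"].add(INSECURE_PORTS[a.dport])
    # Sort the sets so output is deterministic for reporting and testing.
    return {
        src: {"count": e["count"], "targets": sorted(e["targets"]), "protocols": sorted(e["protocols"])}
        for src, e in summary.items()
    }


if __name__ == "__main__":
    parsed = parse_fast_log(SAMPLE_IDS_LOG)
    insecure = find_insecure_idp_auth(parsed, IDP_HOSTS)
    for src, info in summarize_by_source(insecure).items():
        print(f"{src}: {info['count']} insecure IdP auth alert(s) "
              f"via {','.join(info['protocols'])} to {','.join(info['targets'])}")
```

On the constructed sample, the TLS alert to port 443 is dropped and the three cleartext alerts collapse to a single source host hitting both IdP addresses over HTTP and LDAP, which is the kind of pattern the SOC would triage against authentication logs on the IdP side to decide whether the behaviour is a misconfigured client or an attempt to capture credentials.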


Contribute your Thoughts:

Rebecka
3 days ago
Hmm, I'm not so sure. Wouldn't the tcpdump logs give you a more comprehensive view of the network traffic? That seems like the logical choice to me.
upvoted 0 times
Kris
7 days ago
I think the IDS logs would be the best option to determine malicious intent. They would provide the most detailed information about the suspicious network activity.
upvoted 0 times
Tora
13 days ago
I agree with Meaghan. tcpdump can capture network traffic and help identify any suspicious activity.
upvoted 0 times
Meaghan
16 days ago
I think the SOC should use tcpdump to determine malicious intent.
upvoted 0 times