Exam CS0-002 topic 1 question 328 discussion

Actual exam question from CompTIA's CS0-002
Question #: 328
Topic #: 1

A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?

  • A. Apply the required patches to remediate the vulnerability
  • B. Escalate the incident to the senior management team for guidance
  • C. Disable all privileged user accounts on the network
  • D. Temporarily block the attacking IP address
Suggested Answer: D

Comments

Orean
Highly Voted 2 years, 1 month ago
Selected Answer: D
The next step after detecting an ongoing attack is to CONTAIN it. D is the optimal course of action in that regard. Solution A should be done AFTER containing it, namely during the eradication phase. B is incorrect because it doesn't provide the requisite immediacy. Also, senior management should have already provided basic guidance for situations like this in the form of training and administrative controls (policies and SOPs). C only provides partial containment at best by hindering privilege escalation, which most likely isn't the only possible attack surface. It's not worth potentially disrupting those accounts' business activities just for a half-measure. D is the only viable option. It's certainly no fix-all, but it'll at least obstruct the attacker immediately without unnecessarily disrupting business operations.
upvoted 5 times
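As an added illustration of the containment step this comment describes (example code written for this page, not part of the original discussion), the snippet below parses a few constructed IDS alert lines, picks out the ones that look like an SNMP attack, and emits a time-limited block rule per attacking source address. The pipe-delimited alert format, the signature names and all addresses are assumptions made for the example; the point it shows is that the block is temporary (it carries an expiry) and is separate from the later eradication step of patching the SNMP service.

```python
"""Temporary containment of a source IP after an SNMP exploit alert.

Added example. The alert line format, signature names and network
addresses below are constructed for illustration; none of them come
from the exam question or the discussion. Containment is modelled as
a time-limited block of the attacking address, which is distinct from
the eradication step (patching SNMP) that follows it.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
import re

# Constructed IDS alerts: timestamp|signature|src_ip|dst_ip|dst_port|proto (assumed format)
SAMPLE_ALERTS = [
    "2024-05-01T10:00:01Z|SNMP community string guessing detected (constructed)|203.0.113.7|10.0.0.5|161|udp",
    "2024-05-01T10:00:03Z|DNS query to uncommon TLD (constructed)|198.51.100.9|10.0.0.53|53|udp",
    "2024-05-01T10:00:05Z|SNMP GETBULK flood (constructed)|203.0.113.7|10.0.0.5|161|udp",
    "2024-05-01T10:00:09Z|SNMP set request from unexpected host (constructed)|192.0.2.44|10.0.0.6|161|udp",
]

ALERT_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<sig>[^|]+)\|(?P<src>[^|]+)\|(?P<dst>[^|]+)\|(?P<dport>\d+)\|(?P<proto>\w+)$"
)


@dataclass
class BlockRule:
    src_ip: str
    reason: str
    created: datetime
    expires: datetime

    def is_active(self, now: datetime) -> bool:
        # The block is temporary: it lapses once the expiry time is reached.
        return now < self.expires


def parse_alert(line: str) -> Optional[dict]:
    """Parse one alert line; return None for lines that do not match the assumed format."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["dport"] = int(alert["dport"])
    alert["ts"] = datetime.strptime(alert["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return alert


def is_snmp_attack(alert: dict) -> bool:
    """Match on the SNMP service ports and an SNMP signature name."""
    return alert["dport"] in (161, 162) and "snmp" in alert["sig"].lower()


def contain(alerts, block_minutes: int = 60):
    """Return one temporary BlockRule per attacking source IP (first alert wins)."""
    rules = {}
    for line in alerts:
        alert = parse_alert(line)
        if alert is None or not is_snmp_attack(alert):
            continue
        if alert["src"] in rules:
            continue  # already contained; do not stack duplicate rules
        rules[alert["src"]] = BlockRule(
            src_ip=alert["src"],
            reason=alert["sig"],
            created=alert["ts"],
            expires=alert["ts"] + timedelta(minutes=block_minutes),
        )
    return list(rules.values())


def active_rules(rules, now: datetime):
    """Drop expired rules so a temporary block does not silently become permanent."""
    return [r for r in rules if r.is_active(now)]


def render_iptables(rule: BlockRule) -> str:
    """Illustrative iptables line for the enforcement point; adapt to the real firewall."""
    return (
        f"iptables -I INPUT -s {rule.src_ip} -p udp --dport 161 -j DROP"
        f"  # {rule.reason}; expires {rule.expires.isoformat()}"
    )


if __name__ == "__main__":
    for rule in contain(SAMPLE_ALERTS):
        print(render_iptables(rule))
```

Running the block prints one DROP line per attacking address (the DNS alert is ignored, and the second alert from 203.0.113.7 does not produce a second rule). In practice the expiry would be enforced by a scheduler or the firewall's own timeout feature, and the eradication work (patching or disabling the vulnerable SNMP service) would be tracked as a separate incident task.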
2Fish
2 years, 1 month ago
Agree. The FIRST thing would be to contain this mess and we can move on to patching or applying compensating controls (if any).
upvoted 2 times
db97
Most Recent 2 years, 2 months ago
I think D makes sense: by following the incident response process, this would be a containment action after detecting the attack. Further steps like applying patches would be the eradication.
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other