Exam CS0-003 topic 1 question 110 discussion

I would check C before looking for D. No point in looking for that needle in a haystack if there is no haystack.

Can someone explain why A is not an option?

Correct Answer: C. Check configurations to determine whether USB ports are enabled on company assets. Analysis: The first step in mitigating the vulnerability is to understand the current state of USB port configurations across company assets. This allows the analyst to quickly determine if USB ports are enabled and could be an attack vector, and to take immediate action such as disabling them or implementing security controls.

Option D, is incorrect. Reviewing logs to see whether the vulnerability has already been exploited is important for understanding the scope of potential impact, but it doesn't address the immediate need to mitigate the vulnerability itself. Therefore, option C is the most appropriate initial step to take in response to the identified vulnerability.

The first step a security analyst should take when dealing with a known, exploited vulnerability is to assess the current impact on the organization. Reviewing logs to determine if the vulnerability has already been exploited within the company is crucial for understanding the scope of the issue and for planning an appropriate response. This step is essential for incident response and for preventing further exploitation of the vulnerability[1][2][5]. Once the immediate impact is assessed, the analyst can then move on to implementing policies, conducting security awareness training, and adjusting configurations to prevent future incidents

I think A is the only real mitigation option. C is "checking" if the company is vulnerable, I would have said C if it was "blocking USB ports". D is checking if the company has been affected, this is not a mitigation.

ITManager worded it very well. I was torn between C & D, but he convinced me it is C.

C) check configurations I agree with ITManager below. Can't find a needle that doesn't exist. Plus, the question says the analyst needs to mitigate (or reduce the risk) of the vulnerability. Checking to see if it has already been exploited (D) doesn't do anything to reduce the risk. It still exists whether the logs show it or not. To reduce the risk, you need to be proactive. C is the best option as it would allow you to disable USB ports if need be.

D. Review logs to see whether this exploitable vulnerability has already impacted the company. This initial step will help the analyst understand the scope and severity of the issue within the organization and inform subsequent mitigation efforts. If the logs reveal that the vulnerability has been exploited, immediate remedial actions will be needed to contain and eliminate the threat.

When dealing with a known and exploited vulnerability related to an attack vector that involves embedding software through the USB interface, the primary concern is to immediately stop the active exploitation and prevent further attacks. Given the options provided, the answeer is the best Check configurations for USB ports (Option C): This is the most immediate action to take. Disabling or securing USB ports on company assets will prevent the attacker from further exploiting the vulnerability through this attack vector. It's a quick and effective way to mitigate ongoing attacks.