Exam CS0-003 topic 1 question 25 discussion

Actual exam question from CompTIA's CS0-003
Question #: 25
Topic #: 1

A security alert was triggered when an end user tried to access a website that is not allowed per organizational policy. Since the action is considered a terminable offense, the SOC analyst collects the authentication logs, web logs, and temporary files, reflecting the web searches from the user's workstation, to build the case for the investigation. Which of the following is the best way to ensure that the investigation complies with HR or privacy policies?

  • A. Create a timeline of events detailing the date stamps, user account, hostname and IP information associated with the activities
  • B. Ensure that the case details do not reflect any user-identifiable information. Password protect the evidence and restrict access to personnel related to the investigation
  • C. Create a code name for the investigation in the ticketing system so that all personnel with access will not be able to easily identify the case as an HR-related investigation
  • D. Notify the SOC manager for awareness after confirmation that the activity was intentional
Suggested Answer: B

Comments

botla
5 days ago
Selected Answer: A
I am voting for A: if the investigation should later be usable by HR for disciplinary actions, anonymising will not be helpful, but a proper timeline and attribution to a user will be crucial.
upvoted 1 times
...
CyberMom
1 month ago
Selected Answer: A
Seeing that the information is being collected for investigation, time stamps will be beneficial for forensics.
upvoted 1 times
...
captaintoadyo
4 months, 2 weeks ago
Selected Answer: B
PII is important and should be always protected
upvoted 3 times
...
dave_delete_me
4 months, 2 weeks ago
Always protect the data, whether data at rest, data in transit, data in use or in this case... PII. B. is correct.
upvoted 1 times
...
LifeElevated
9 months, 1 week ago
Selected Answer: B
Because we are dealing with privacy and HR, B is the answer. However, A would be the actual investigation to be submitted; hostname and IP aren't really a privacy concern on an organizational network.
upvoted 2 times
...
kmordalv
1 year ago
Selected Answer: B
This is the most logical option to the question posed.
upvoted 1 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other