
Exam CS0-003 topic 1 question 21 discussion

Actual exam question from CompTIA's CS0-003
Question #: 21
Topic #: 1

Which of the following security operations tasks are ideal for automation?

  • A. Suspicious file analysis:
    Look for suspicious-looking graphics in a folder.
    Create subfolders in the original folder based on the category of graphics found.
    Move the suspicious graphics to the appropriate subfolder.
  • B. Firewall IoC block actions:
    Examine the firewall logs for IoCs from the most recently published zero-day exploit.
    Take mitigating actions in the firewall to block the behavior found in the logs.
    Follow up on any false positives that were caused by the block rules.
  • C. Security application user errors:
    Search the error logs for signs of users having trouble with the security application.
    Look up the user's phone number.
    Call the user to help with any questions about using the application.
  • D. Email header analysis:
    Check the email header for a phishing confidence metric greater than or equal to five.
    Add the domain of the sender to the block list.
    Move the email to quarantine.
Suggested Answer: D
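The workflow in option D, as an added worked example that is not part of the exam question or of this page: a rule-based header triage in Python that quarantines a message when the gateway's phishing confidence score is five or more and updates a block list. The header name X-Phishing-Confidence, the shared-provider list and the sample messages are assumptions constructed here. Two behaviours go beyond the option text and are design choices of this example, not the exam's: a sender on a shared mail provider gets its full address blocked rather than its domain, and a message whose score header is missing or duplicated is routed to an analyst instead of being decided automatically.

```python
"""Added example: automated email-header triage for option D.

Not code from the page. The score header name, the shared-provider list and
the sample messages below are assumptions constructed for this example.
"""
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, Optional, Set

PHISH_THRESHOLD = 5                      # the question's "greater than or equal to five"
SCORE_HEADER = "X-Phishing-Confidence"   # assumed name of the gateway's metric header

# Assumed list of providers shared by many unrelated senders. Blocking the whole
# domain would block legitimate mail, so the full sender address is blocked instead.
SHARED_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


@dataclass
class Verdict:
    quarantine: bool
    block_entry: Optional[str]   # what was added to the block list, if anything
    reason: str


def phishing_score(raw_message: str) -> Optional[int]:
    """Return the gateway's confidence metric, or None if absent, duplicated or malformed."""
    msg = message_from_string(raw_message)
    values = msg.get_all(SCORE_HEADER) or []
    if len(values) != 1:        # missing, or more than one copy (one may be attacker-supplied)
        return None
    try:
        return int(values[0].strip())
    except ValueError:
        return None


def sender_address(raw_message: str) -> str:
    """Lower-cased addr-spec from the From header ('' if it cannot be parsed)."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower()


def triage(raw_message: str, blocklist: Set[str]) -> Verdict:
    """Apply the option-D rules to one message, mutating the shared block list."""
    score = phishing_score(raw_message)
    if score is None:
        return Verdict(False, None, "no usable score header; route to analyst")
    if score < PHISH_THRESHOLD:
        return Verdict(False, None, f"score {score} below threshold {PHISH_THRESHOLD}")
    addr = sender_address(raw_message)
    domain = addr.rpartition("@")[2]
    if not domain:
        return Verdict(True, None, f"score {score}: quarantined, From header unparseable")
    entry = addr if domain in SHARED_MAIL_DOMAINS else domain
    blocklist.add(entry)
    return Verdict(True, entry, f"score {score}: quarantined, blocked {entry}")


# Constructed sample messages (CRLF line endings as on the wire).
SAMPLES: Dict[str, str] = {
    "corp_high": (
        "From: IT Helpdesk <helpdesk@example-corp.test>\r\n"
        "To: user@company.test\r\n"
        "Subject: Password expiry\r\n"
        "X-Phishing-Confidence: 7\r\n"
        "\r\nClick here to reset.\r\n"
    ),
    "free_high": (
        "From: \"Accounts\" <payroll.notice@gmail.com>\r\n"
        "To: user@company.test\r\n"
        "Subject: Invoice\r\n"
        "X-Phishing-Confidence: 5\r\n"
        "\r\nSee attachment.\r\n"
    ),
    "low": (
        "From: newsletter@vendor.test\r\n"
        "X-Phishing-Confidence: 2\r\n"
        "\r\nMonthly update.\r\n"
    ),
    "no_score": "From: someone@partner.test\r\n\r\nHello.\r\n",
    "duplicate_score": (
        "From: attacker@evil.test\r\n"
        "X-Phishing-Confidence: 0\r\n"
        "X-Phishing-Confidence: 9\r\n"
        "\r\nTwo score headers; one may have been injected by the sender.\r\n"
    ),
}


def run_samples() -> Dict[str, Verdict]:
    """Triage every sample against one shared block list and return the verdicts."""
    blocklist: Set[str] = set()
    return {name: triage(raw, blocklist) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in run_samples().items():
        print(f"{name:16} quarantine={str(v.quarantine):5} block={v.block_entry} ({v.reason})")
```

The duplicate-header case matters in practice: a gateway that scores inbound mail must strip any X-Phishing-Confidence header that arrived from outside before adding its own, otherwise a sender can pre-fill a low score. Refusing to decide when the header count is not exactly one is this example's conservative fallback, not a substitute for that gateway configuration.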

Comments

Tonying
Highly Voted 11 months, 1 week ago
D is not the best answer. What if the domain of the sender is benign, like Gmail or Yahoo or any free email service? Then you block those legitimate domains, and that will compromise the availability of the firm. Most phishers are using free email services.
upvoted 12 times
Christof
9 months ago
True, domains are not normally blocked. Maybe the answer was supposed to be written better, to say the sender address, though.
upvoted 2 times
Geronemo
Highly Voted 10 months ago
Selected Answer: D
This is one of those questions where A, B, or D are all ideal or suitable for automation. B) This task is also suitable for automation. Automated systems can continuously monitor firewall logs for indicators of compromise (IoCs) and promptly take mitigating actions to block malicious behavior, thereby reducing the window of exposure. D) Automating this task is ideal. Automated systems can analyze email headers for phishing indicators and apply predefined actions (such as blocking the sender's domain and moving the email to quarantine) based on confidence metrics, thereby reducing the risk of successful phishing attacks.
upvoted 8 times
Dub3
10 months ago
Agreed!
upvoted 2 times
bo2la
Most Recent 5 days, 1 hour ago
Selected Answer: B
Blocking a domain automatically is not ideal; up until moving to quarantine, I agree with it.
upvoted 1 times
alialzehhawi
6 months, 1 week ago
The correct answer is D: email header analysis is one of the security operations tasks that are ideal for automation. Email header analysis involves checking the email header for various indicators of phishing or spamming attempts, such as sender address spoofing, mismatched domains, suspicious subject lines, or phishing confidence metrics. Email header analysis can be automated using tools or scripts that can parse and analyze email headers and take appropriate actions based on predefined rules or thresholds.
upvoted 3 times
gomet2000
7 months ago
Selected Answer: D
D. Email header analysis: Check the email header for a phishing confidence metric greater than or equal to five. Add the domain of the sender to the block list. Move the email to quarantine.

Explanation: Email header analysis is a repetitive and rule-based task, which makes it an excellent candidate for automation. Automation tools can quickly check the email headers, compare them against predefined phishing confidence metrics, and then take appropriate actions such as adding the sender's domain to a block list and moving the email to quarantine. This process is straightforward, requires minimal human judgment, and can help reduce the workload on security teams by handling large volumes of potentially malicious emails efficiently.

Why not B? While examining logs for IoCs and taking blocking actions can be automated to some extent, the follow-up on false positives requires human intervention and judgment, making this task less ideal for full automation.
upvoted 5 times
499f1a0
9 months ago
Selected Answer: D
D is the ideal option because B has a follow-up part which cannot be automated and must be done by humans.
upvoted 3 times
Olae
9 months, 3 weeks ago
The answer is D: email header analysis. Every process there can be completely automated. Those saying B, how do you automate the follow-up of false positives?
upvoted 1 times
Mehe323
10 months ago
Selected Answer: D
I don't think it should be B because of the zero-day exploit part; much more information needs to be uncovered before calling it "ideal" for automation.
upvoted 3 times
dave_delete_me
10 months, 3 weeks ago
D. Email header analysis (for the WIN)!!!!! Seems to be the BEST response to this poorly written question! :-p
upvoted 3 times
dave_delete_me
10 months, 3 weeks ago
It can't be firewall, because you should be denying all traffic other than what you explicitly permit.
upvoted 1 times
BanesTech
10 months, 3 weeks ago
Selected Answer: B
Automating the examination of firewall logs for Indicators of Compromise (IoCs) and taking mitigating actions to block suspicious behavior can significantly enhance the efficiency and effectiveness of security operations. While other tasks listed in options A, C, and D may benefit from some level of automation, such as log analysis or user support workflows, they may involve more nuanced decision-making or human intervention compared to the straightforward IoC blocking actions in option B.
upvoted 2 times
89b45b4
1 year ago
Selected Answer: D
The question refers to automation, and B is a bit more complicated than D. Therefore D shows that it is a straightforward process and easy to follow: fewer mistakes for the automation process to follow through.
upvoted 2 times
Goldenghost
1 year ago
Selected Answer: D
I'd lean slightly towards D, email header analysis, as the most ideal in this specific comparison for a few reasons:
Maturity: Email filtering has more established rules and better anti-evasion in most tools.
Specificity: Phishing confidence metrics give a finer level of granularity compared to firewall IoC blocking, potentially reducing false positives.
Important caveats:
Real-world complexity: Both tasks still need some human oversight and tuning.
Your environment: The specific firewall and email security tools you use might affect which task is easier to automate effectively.
upvoted 4 times
B3hindCl0sedD00rs
1 year, 1 month ago
Selected Answer: D
Gonna have to go with D here as that process can be fully automated.
upvoted 2 times
FATWENTYSIX
1 year, 1 month ago
Selected Answer: D
The giveaway in the question is "ideal." Most organizations opt to use automated email analysis as a first line of defense against malicious and spam emails. Automated tools look for indicators like known malicious or spam senders, often using block lists built using information from around the world. They also scan every email looking for malicious payloads like malware or other unwanted files. The same tools often perform header analysis and message content analysis... (CompTIA CySA+ Study Guide CS0-003, 3rd Edition, Ch. 3, p. 115, Analyzing Email.)
upvoted 2 times
Cpt_Emerald
1 year, 1 month ago
Selected Answer: D
True automation from start to finish would be D, IMO. Look at the last step in answer B: "Follow up on any false positives that were caused by the block rules." If it was truly automated, no follow-up on FPs would be necessary. Automatic block rules creating FPs defeat the purpose of automation.
upvoted 1 times
POGActual
11 months ago
That's the human-interaction part of the alert, to follow up on it. D has ALL steps that can be automated, not just one or two.
upvoted 1 times