Exam CS0-003 topic 1 question 260 discussion

Actual exam question from CompTIA's CS0-003
Question #: 260
Topic #: 1

SIMULATION
-

A company recently experienced a security incident. The security team has determined a user clicked on a link embedded in a phishing email that was sent to the entire company. The link resulted in a malware download, which was subsequently installed and run.


INSTRUCTIONS
-


Part 1
-

Review the artifacts associated with the security incident. Identify the name of the malware, the malicious IP address, and the date and time when the malware executable entered the organization.


Part 2
-

Review the kill chain items and select an appropriate control for each that would improve the security posture of the organization and would have helped to prevent this incident from occurring. Each control may only be used once, and not all controls will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Suggested Answer:

Comments

Alarming_Subject
Highly Voted 3 months, 2 weeks ago
The malicious executable was invoice.exe; it was in the firewall log. Malicious IP ended with 253. The time is correct. Don't memorize the answers, take these questions as an opportunity to identify the areas to focus studying on.
upvoted 8 times
cf83993
Most Recent 2 months, 2 weeks ago
Is this missing the answers? Seems to be missing some parts on the revealed diagram
upvoted 4 times
cy_analyst
2 months, 3 weeks ago
Phishing email: Email filtering
Active links: Plain text email format
Malicious website access: IP blocklist
Malware download: Updated antivirus
Malware install: Restricted local user permissions
Malware execution: Updated antivirus
File encryption: Disk-level encryption
upvoted 3 times
78f9a0a
3 weeks, 1 day ago
I believe the Malware download should be Firewall File type filter instead of updated antivirus. Especially since each control may only be used once.
upvoted 1 times
IE17
2 months, 1 week ago
Where did you see the details of the questions? How did you arrive at these answers without seeing the full picture of the questions?
upvoted 2 times
thisguyfucks
2 months, 3 weeks ago
I think this is correct except for the Malware Download should be Firewall File type filter:
Phishing email: Email filtering
Active links: Plain text email format
Malicious website access: IP blocklist
Malware download: Firewall File type filter
Malware install: Restricted local user permissions
Malware execution: Updated antivirus
File encryption: Disk-level encryption
upvoted 7 times
cy_analyst
2 months, 3 weeks ago
Yes, I typed wrong there, thanks for bringing this up!
upvoted 3 times
ID77
2 months, 3 weeks ago
According to the instructions each control may only be used once. Not sure if you can select updated antivirus twice.
upvoted 2 times
binogamer12
4 months ago
Email: Email Filtering
Install: Antivirus
Links: Plain Text
Execution: Restricted privileges
Website Access: IP Blocklist
File Encryption: Backup
Download: Firewall
The rest is difficult without more leads: I guess the executable could be invoice.exe, which seems like a good phishing way. IP and date only with more info.
upvoted 2 times
alialzehhawi
3 months, 2 weeks ago
So the below is not the correct answer?
Kill Chain Item:
Phishing email - Email filtering
Active links - VPN
Malicious website access - IP blocklist
Malware download - Firewall file type filter
Malware install - Restricted local user permissions
Malware execution - Updated antivirus
File encryption - Backups
Identify the following:
Malicious executable - Payroll.xlsx
Malicious IP Address - 81.161.63.103
Date/time malware entered organization - 1 Dec 2019 14:03:19
upvoted 1 times
pendekarsuling
2 months, 4 weeks ago
How can xlsx be malware?
upvoted 1 times
Freshly
2 months ago
Yes. They can use macros to execute code written into a file and a few others. Actually one of the questions on the exam asks you to handle a situation where an Excel spreadsheet executes malicious macros.
upvoted 1 times
jdlrosa
1 month ago
Yes, but it says that the malware was installed. So a .exe is more an option.
upvoted 1 times
voiddraco
4 months, 3 weeks ago
Wouldn't the IP be 81.161.62.253 and not 81.161.62.103? Or am I missing something?
upvoted 1 times