
Exam CS0-001 topic 1 question 351 discussion

Actual exam question from CompTIA's CS0-001
Question #: 351
Topic #: 1

The Chief Information Security Officer (CISO) has asked the security analyst to examine abnormally high processor utilization on a key server. The output below is from the company's research and development (R&D) server.

Which of the following actions should the security analyst take FIRST?

  • A. Initiate an investigation
  • B. Isolate the R&D server
  • C. Reimage the server
  • D. Determine availability
Suggested Answer: B

Comments

s3curity1
Highly Voted 4 years, 7 months ago
Isolate without investigating properly?
upvoted 6 times
s3curity1
4 years, 7 months ago
This should be A. We're not yet sure whether the spike at 19:06 is malicious or not. This could be a planned change or something.
upvoted 9 times
BigBo01010
Highly Voted 4 years, 6 months ago
This question is on the exam.
upvoted 5 times
shakevia463
3 years ago
Thanks Bo
upvoted 1 times
wajdi
Most Recent 3 weeks, 6 days ago
Selected Answer: A
The first step is to investigate the cause behind the increased CPU usage. This includes examining the processes running on the server, checking for unusual or unexpected activities, and reviewing logs for any signs of compromise or exploitation. A thorough investigation will help determine whether the issue is malicious activity or not.
upvoted 1 times
somsom
3 years, 10 months ago
Isolate, then investigate.
upvoted 1 times
pc_addict
4 years, 1 month ago
If it were a business-critical production server, the isolation could be problematic, to say the least. However, this is R&D, so isolate and then investigate.
upvoted 1 times
Ashfaq2
4 years, 2 months ago
The server is already in a critical condition (high user and processor utilization). Without isolating the server, how do you perform the investigation in such an instance? Also, ideally, the investigation has already been performed by the snippet; it clearly indicates something unusual is going on. So I go with isolation.
upvoted 1 times
Death2QuestionWriters
4 years, 2 months ago
Plenty of perfectly valid reasons for CPU spikes. Isolating before investigating thoroughly is going off half-cocked, and you should probably be fired.
upvoted 1 times
Toyeeb
4 years, 4 months ago
It is B because an investigation has already been initiated, i.e. the CISO asking the security analyst to examine the server is the initiation of an investigation. What comes next should be isolation, which is B.
upvoted 3 times
[Removed]
4 years, 3 months ago
Asking someone to examine something doesn't mean an investigation has been initiated, as that's more informal, while an investigation is more formal, since it triggers the incident response plan.
upvoted 1 times
iphy
4 years, 5 months ago
I also think it's A. The keyword in the question is "examine", which is like starting an investigation. You isolate when you have done a vulnerability scan and confirmed there is an incident, and scanning is examination first. I don't know how it's B though.
upvoted 1 times
Blind_Hatred
4 years, 6 months ago
The right answer is A. This almost comes straight from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf. The activity is an "indicator" - not yet an incident! - and the first step we need to do is "Incident Analysis" to confirm that this is even an incident to begin with. So to summarize: A would be first. Depending on the outcome of the investigation, it would then be B or D (B - which is part of the Containment process - in case it is an incident, D in case it isn't). And lastly, we'd move to C, which is part of the Eradication process.
upvoted 5 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other