ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 224 discussion

Actual exam question from CompTIA's CS0-002
Question #: 224
Topic #: 1
[All CS0-002 Questions]

A user reports a malware alert to the help desk. A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which of the following should the security analyst do NEXT?

  • A. Document the procedures and walkthrough the incident training guide
  • B. Reverse engineer the malware to determine its purpose and risk to the organization
  • C. Sanitize the workstation and verify countermeasures are restored
  • D. Isolate the workstation and issue a new computer to the user
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Comptia_Secret_Service at Dec. 8, 2022, 11:04 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SimonR2
1 year, 9 months ago
In real life you would disconnect the workstation and issue the user with a new one. Then you would sanitize the workstation. However, this specifically mentions the eradication phase, not containment being the next step. So the answer would be C
upvoted 1 times
...
TKW36
2 years, 3 months ago
Selected Answer: C
Since the helpdesk technician already isolated the machine, the security analyst then comes in and performs his duties of eradication and recovery. Out of all the answers available, C is part of eradication and recovery.
upvoted 3 times
2Fish
2 years, 1 month ago
Agreed. Eradication and recovery matches answer C.
upvoted 1 times
...
...
ms200
2 years, 3 months ago
Isolating the workstation and issuing a new computer to the user is not the NEXT step for the security analyst. While isolating the infected workstation and issuing a new computer to the user is a necessary step in the incident response process, it should not be done until the security analyst has fully understood the nature and extent of the threat posed by the malware.
upvoted 1 times
...
ms200
2 years, 3 months ago
why not B?
upvoted 4 times
...
bob12356
2 years, 4 months ago
Selected Answer: D
D. Isolate the workstation and issue a new computer to the user. Explanation: Isolating the infected workstation and issuing a new computer to the user is the most important step in preventing the malware from spreading further. By isolating the infected workstation, the security analyst can prevent the malware from spreading to other devices on the network, which is critical to maintaining the security of the organization.
upvoted 2 times
[Removed]
2 years, 1 month ago
Much easier to just remove the malware and verify integrity on existing PC, rather then issuing a new endpoint.
upvoted 1 times
...
...
Comptia_Secret_Service
2 years, 4 months ago
Selected Answer: C
C is correct.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago