ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 325 discussion

Actual exam question from CompTIA's CS0-002
Question #: 325
Topic #: 1
[All CS0-002 Questions]

A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:



Which of the following should the analyst review to find out how the data was exfiltrated?

  • A. Monday's logs
  • B. Tuesday's logs
  • C. Wednesday's logs
  • D. Thursday's logs
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by AaronS1990 at Feb. 18, 2023, 1:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Dez1
Highly Voted 2 years, 1 month ago
Selected Answer: D
This answer has to be D. There's low traffic on Wednesday, outbound traffic maxes out at 300Mbps but Thursday has around 1000Mbps of outbound traffic at midnight, when the office is closed.
upvoted 7 times
2Fish
2 years, 1 month ago
D, Agreed. I did not catch that at first. This question is a little tricky if you are not paying attrention.
upvoted 4 times
...
...
Leonidasss
Most Recent 2 years ago
thank you guys for helping me understand this!
upvoted 3 times
...
[Removed]
2 years, 1 month ago
Selected Answer: D
It is D. There is a HUGE fall off at 1900 on inbound connections, and around 2100 there is a sharp increase of outbound traffic with no inbound traffic increase too match. Meaning whatever is being passed is only moving in 1 direction. Thus warrants further investigation.
upvoted 4 times
...
AaronS1990
2 years, 2 months ago
Selected Answer: D
As stated below over the course of several comments: Wednesday looks the most different but Thursday's is the only one where outbound data Far exceeds inbound data. It's also the only day with a lot of outbound data if you actually look at the numbers on the scale. The only thing that deterred me was that Thursday's looked like backup however the question specifically states "backups were not performed during this time". Also for an exam of this difficulty, for me it's just too easy that Wednesday is the answer as the other three days look so similar at a glance. We all know what CompTIA can be like for making us thoroughly read the question and this is another example of that. I'm going with D
upvoted 3 times
G_f_b
2 years, 1 month ago
it's such a bad question though. To arrive at D means you need to know comptia is relying on reading into the question, rather than performing analysis.. because they specifically said there are no backups is the only reason to look at thursday over wednesday. Otherwise wednesday looks more anomalous
upvoted 1 times
...
...
AaronS1990
2 years, 2 months ago
Whilst Wednesday looks lke the odd one out, when you look at how many Mbs of data are flooding out of the network then surely the early and late hours of Thursday are the biggest concern... Outbound traffic is heavy and far exceeding inbound at these times
upvoted 4 times
db97
2 years, 2 months ago
For early hours from Thursday is because there is a continuity that is coming from wednesday night (most of the data was exfiltrated on wednesday though)
upvoted 2 times
db97
2 years, 2 months ago
Please disregard lol I didn't pay attention to the scales, changing my answer to Thursday's logs (D).
upvoted 2 times
AaronS1990
2 years, 2 months ago
It's a tricky one isn't it. Wednesday looks the most different but Thursday's is the only one where data out Far exceeds data in and it's a lot of data if you actually look at the numbers. CopmTIA likes to be sneaky with questions and Wednesday just looks too easy of an answer
upvoted 2 times
...
...
...
AaronS1990
2 years, 2 months ago
...though i would say Thursday's looks like backup. I'm going with C but i'm not sure enough to vote for it.
upvoted 1 times
AaronS1990
2 years, 2 months ago
Though i've just realised the questions states "backups were not performed during this time" that's all the steer i need towards Thursday.... I'm going with D
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago