Exam CS0-003 Topic 1 Question 162 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 162
Topic #: 1
Which of the following best describes root cause analysis?

Suggested Answer: B Vote an answer

Root cause analysis (RCA) is a post-incident activity focused on identifying the underlying cause of an incident/problem so the organization can fix the real cause (not just symptoms) and prevent recurrence. That matches Option B, which describes tracing the origin and eliminating it permanently.
The Sybex CySA+ Study Guide defines RCA in exactly this way:
Exact extract (Sybex Study Guide):
"The process of root cause analysis (RCA) is used to identify why a problem, incident, or issue occurred.
Root cause analysis is performed to allow organizations to understand what they need to focus on to prevent future problems..." The Secbay Press guide also defines RCA as uncovering underlying causes to prevent recurrence:
Exact extract (Secbay Press):
"Root Cause Analysis (RCA)... is a systematic investigation process aimed at identifying the fundamental factors that led to a security incident. It goes beyond addressing symptoms and seeks to uncover the underlying causes to prevent recurrence." Why the other options are wrong
* A (TTPs): That describes attacker behavior frameworks (e.g., MITRE ATT & CK), not RCA.
* C (who/what/when/where/why): That's an incident reporting structure, not the RCA process.
* D (ongoing activities report): That resembles status reporting/incident updates, not root cause determination.
References (CompTIA CySA+ CS0-003 documents / study guides used):
* Mike Chapple & David Seidl, CompTIA CySA+ Study Guide (CS0-003): RCA identifies why an incident occurred and helps prevent recurrence
* Secbay Press, CompTIA CySA+ Exam Prep Guide (CS0-003): RCA goes beyond symptoms to uncover underlying causes and prevent recurrence
* Secbay Press, CompTIA CySA+ Exam Prep Guide (CS0-003): "who/what/when/where/why" belongs to incident reporting context

by Mike at Jun 29, 2026, 05:25 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10