Exam CS0-003 Topic 3 Question 377 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 377
Topic #: 3
An attacker recently gained unauthorized access to a financial institution's database, which contains confidential information. The attacker exfiltrated a large amount of data before being detected and blocked. A security analyst needs to complete a root cause analysis to determine how the attacker was able to gain access.
Which of the following should the analyst perform first?

Suggested Answer: C Vote an answer

In a root cause analysis following unauthorized access, the initial step is usually to review relevant log files.
These logs can provide critical information about how and when the attacker gained access.
The first step in a root cause analysis after a data breach is typically to review the logs. This helps the analyst understand how the attacker gained access by providing a detailed record of all events, including unauthorized or abnormal activities. Documenting the incident, interviewing employees, and identifying immediate containment actions are important steps, but they usually follow the initial log review.

by Kay at Apr 28, 2025, 03:01 AM

Limited Time Offer

15%

Off

Get Premium CS0-003 Questions as Interactive Self Test Engine or PDF

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
0
0
0
10