CAS-003 Question #752: Real Exam Question with Answer & Explanation

The correct answer is B: Vulnerability scanner. This answer key appears to contain an error. For a slow laptop under investigation, the analyst likely obtained output showing suspicious running processes or unusual network connections (the referenced output was likely an image). The logical NEXT step after identifying anomalou

Question

Ann, a user' brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output. Which of the following will the analyst most likely use NEXT?

Exhibit

Options

AProcess explorer
BVulnerability scanner
CAntivirus
DNetwork enumerator

Explanation

This answer key appears to contain an error. For a slow laptop under investigation, the analyst likely obtained output showing suspicious running processes or unusual network connections (the referenced output was likely an image). The logical NEXT step after identifying anomalous process behavior would be to run Antivirus (C) to scan for and identify known malware, which aligns with the standard incident response workflow: identify indicators → confirm with AV scan. A Vulnerability Scanner (B) is used to find unpatched vulnerabilities in systems - it does not detect active malware infections and is not the appropriate next tool in this scenario. Process Explorer (A) is useful for deeper process analysis but would typically already have been used to generate the output shown. A Network Enumerator (D) is irrelevant to a local performance/malware investigation.

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice