CompTIA
CAS-003 · Question #939
CAS-003 Question #939: Real Exam Question with Answer & Explanation
Question
An incident response analyst is investigating a compromise on an application server within an organization. The analyst identifies an anomalous process that is executing and maintaining a persistent TCP connection to an external IP. Which of the following actions should the analyst take NEXT?
Options
- A. Capture running memory
- B. Create a BitCopy of the hard disk
- C. Use nc to conduct banner grabbing on the remote IP
- D. Review /var/log/* for anomalous entries