nerdexam
CompTIA

CS0-003 · Question #105


Submitted by hassan_iq · Mar 6, 2026 · Incident Response and Management

Question

A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:

Packet capture:

TCP stream:

Which of the following actions should the security analyst take NEXT?

Options

  • A. Review the known Apache vulnerabilities to determine if a compromise actually occurred.
  • B. Contact the application owner for connect.example.local for additional information.
  • C. Mark the alert as a false positive scan coming from an approved source.
  • D. Raise a request to the firewall team to block 203.0.113.15.


Topics

#Incident triage #SIEM analysis #Packet analysis #Stakeholder communication