CS0-003 Question #116: Real Exam Question with Answer & Explanation
The correct answer is C: The IDS rule set. A sudden drop in reported security incidents without corresponding business changes suggests an issue with detection mechanisms, making the IDS rule set the primary area for review.
Question
A security analyst is concerned the number of security incidents being reported has suddenly gone down. Daily business interactions have not changed, and no additional security controls have been implemented. Which of the following should the analyst review FIRST?
Options
- A. The DNS configuration
- B. Privileged accounts
- C. The IDS rule set
- D. The firewall ACL
Explanation
A sudden drop in reported security incidents without corresponding business changes suggests an issue with detection mechanisms, making the IDS rule set the primary area for review.
Common mistakes.
- A. Changes in DNS configuration would primarily impact network connectivity or name resolution, not directly cause a drop in reported security incidents.
- B. Compromised privileged accounts might lead to more security incidents or data breaches, not a decrease in reported incidents.
- D. A firewall ACL change might block traffic, potentially reducing actual incidents if it blocks malicious traffic. It wouldn't cause a drop in reported incidents unless it also blocked the reporting mechanism itself, and that is a less likely first suspect than the IDS rules responsible for detection.
Concept tested. Security incident detection system analysis