CS0-003 · Question #353
Question
The SOC received a threat intelligence notification indicating that an employee's credentials were found on the dark web. The user's web and log-in activities were reviewed for malicious or anomalous connections, data uploads/downloads, and exploits. A review of the controls confirmed multifactor authentication was enabled. Which of the following should be done first to mitigate impact to the business networks and assets?
Options
- A. Perform a forced password reset.
- B. Communicate the compromised credentials to the user.
- C. Perform an ad hoc AV scan on the user's laptop.
- D. Review and ensure privileges assigned to the user's account reflect least privilege.
- E. Lower the thresholds for SOC alerting of suspected malicious activity.