CS0-003 Question #446: Real Exam Question with Answer & Explanation
The correct answer is C: Verify whether the information is relevant to the organization.
Question
A report contains IoC and TTP information for a zero-day exploit that leverages vulnerabilities in a specific version of a web application. Which of the following actions should a SOC analyst take first after receiving the report?
Options
- A. Implement a vulnerability scan to determine whether the environment is at risk.
- B. Block the IP addresses and domains from the report in the web proxy and firewalls.
- C. Verify whether the information is relevant to the organization.
- D. Analyze the web application logs to identify any suspicious or malicious activity.
Explanation
Before taking any action, the SOC analyst should first verify if the Indicators of Compromise (IoC) and Tactics, Techniques, and Procedures (TTPs) reported are relevant to the organization's environment. This involves checking if the vulnerable application or version is actually in use.