CS0-003 · Question #642
CS0-003 Question #642: Real Exam Question with Answer & Explanation
Sign in or unlock CS0-003 to reveal the answer and full explanation for question #642. The question stem and answer options stay visible for context.
Question
During a routine review of DNS logs, a security analyst observes that Host X has been making frequent DNS requests to domains with random alphanumeric strings (e.g.. atd8ekthj.xyz). IPS anomaly rules are blocking these domains. This behavior started shortly after a new software Installation on the host. Which of the following should the analyst do first to determine whether Host X has been compromised?
Options
- AAllow the domains because the DNS requests are part of a misconfigured software update.
- BCheck the software installation logs for errors and reinstall the software.
- CBlock all outbound connections from the host to prevent further DNS queries.
- DUse threat intelligence to check if the queried domains are associated with legitimate sites.
Unlock CS0-003 to see the answer
You've previewed enough free CS0-003 questions. Unlock CS0-003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.