CompTIACompTIA
CS0-003 · Question #73
CS0-003 Question #73: Real Exam Question with Answer & Explanation
The correct answer is B: User 2. The analyst should investigate User 2, as their internet usage likely exhibits anomalous or suspicious patterns that warrant further scrutiny.
Submitted by diego_uy· Mar 6, 2026Security operations
Question
A security analyst is reviewing the following Internet usage trend report: Which of the following usernames should the security analyst investigate further?
Options
- AUser 1
- BUser 2
- CUser 3
- DUser 4
Explanation
The analyst should investigate User 2, as their internet usage likely exhibits anomalous or suspicious patterns that warrant further scrutiny.
Common mistakes.
- A. User 1 is presumed to have normal or less suspicious internet usage patterns compared to User 2, and therefore does not require immediate investigation based on the implied report data.
- C. User 3 is presumed to have normal or less suspicious internet usage patterns compared to User 2, and therefore does not require immediate investigation based on the implied report data.
- D. User 4 is presumed to have normal or less suspicious internet usage patterns compared to User 2, and therefore does not require immediate investigation based on the implied report data.
Concept tested. Identifying anomalous user behavior
Reference. https://learn.microsoft.com/en-us/azure/sentinel/identify-anomalous-behavior
Topics
#Log analysis#Suspicious activity#Internet usage monitoring#User behavior analytics
Community Discussion
No community discussion yet for this question.