CompTIA
CS0-003 Question #95: Real Exam Question with Answer & Explanation
Submitted by katya_ua · Mar 6, 2026 · Incident Response and Management
Question
In SIEM software, a security analyst detected some changes to hash signatures from monitored files during the night, followed by SMB brute-force attacks against the file servers. Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise?
Options
- A. Fully segregate the affected servers physically in a network segment, apart from the production
- B. Collect the network traffic during the day to understand if the same activity is also occurring
- C. Check the hash signatures, comparing them with malware databases to verify if the files are
- D. Collect all the files that have changed and compare them with the previous baseline
Topics
#Incident containment #SIEM analysis #Brute-force attack #Network segmentation