CompTIA Study Materials
AWS Study Materials
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA CySA+ CS0-003 Practice Question

A cybersecurity analyst noticed unexpected communication between an internal host and an external IP address, which is not part of the organization's typical traffic patterns. The communication occurs at consistent intervals and the volume of data being sent is substantial. Which tool should the analyst employ to gather evidence that could indicate a compromise and facilitate a deeper investigation?

  • Deploy an endpoint detection and response (EDR) solution to monitor the behavior of the internal host.

  • Utilize tcpdump to capture and analyze the suspicious network traffic.

  • Review the firewall rules to discern any misconfigurations allowing the said traffic.

  • Run a vulnerability scanner on the involved host and the network to detect any existing security gaps.

Subscribe to avoid duplicate questions and track your progress over time

Your Score:
Security Operations
Vulnerability Management
Incident Response and Management
Reporting and Communication
CompTIA CySA+ CS0-003
  • Security Operations
    • This question is filed here
  • Vulnerability Management
  • Incident Response and Management
  • Reporting and Communication