Crucial Exams

CompTIA CySA+ CS0-003 (V3) Practice Question

A file-integrity monitoring (FIM) agent on a finance employee's Windows 11 laptop reports the following four file-system events during a two-minute window when no software updates were authorized:

  1. C:\Users\j.smith\Documents\Training\marketing_video.mp4 (35 MB) - created
  2. E:\Backups\2025-09-10\finance_reports.zip (AES-256 encrypted) - created
  3. C:\Windows\System32\svch0st.dll (176 KB) - created
  4. C:\Users\j.smith\Downloads\ProjectPlan.docx - modified

Endpoint-protection signatures are current, and the user has normal (non-admin) privileges. Which file-system event should the security analyst escalate first as the clearest indicator of potentially malicious activity?

  • Creation of an encrypted finance_reports.zip file in the backup directory

  • Creation of svch0st.dll in C:\Windows\System32

  • Creation of marketing_video.mp4 in the user's Documents folder

  • Modification of ProjectPlan.docx in the user's Downloads folder

CompTIA CySA+ CS0-003 (V3)
Security Operations
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
SAVE $51
CompTIA Cybersecurity Analyst Voucher
CySA+ / v3 / CS0-003
$425.00 $374.00
SAVE $57
CompTIA Cybersecurity Analyst Voucher with Retake
CySA+ / v3 / CS0-003
Includes Retake
$474.00 $417.00
Bash, the Crucial Exams Chat Bot
AI Bot