Free CompTIA CySA+ CS0-003 Practice Question

During a routine review, a security analyst observes large data transfers occurring outside of business hours from a high-level executive's account to an unknown external server. The executive usually accesses sensitive financial records during standard business hours. Which of the following actions should the analyst investigate as a priority to determine if this is an incident?

  • Verify if the executive was actually responsible for the transfers

  • Check the integrity of backup files for possible corruption

  • Examine the firewall rules for any recent changes

  • Immediately change the executive account's password

This question's topic:
CompTIA CySA+ CS0-003 / 
Security Operations
Your Score:

Check or uncheck an objective to set which questions you will receive.