CompTIA CS0-003 Exam - Topic 3 Question 5 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 5
Topic #: 3

During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content. Which of the following is the next step the analyst should take?

Suggested Answer: A

Validating the binaries' hashes from a trusted source is the next step the analyst should take after discovering binaries that exhibit abnormal behavior and finding unexpected content in their strings. A hash is a fixed-length value computed from the contents of a file or message; with a cryptographic hash function, it serves in practice as a unique fingerprint of those contents. By comparing the hashes of the binaries on the compromised machine with the hashes of the original or legitimate binaries from a trusted source, such as the software vendor or repository, the analyst can determine whether the binaries have been modified or replaced by malicious code. If the hashes do not match, the binaries have been tampered with and may contain malware.
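The comparison described above, as an added Python example that is not part of the original page. It assumes the trusted source publishes a `sha256sum`-style manifest; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines ("<hex digest>  <name>") into {name: digest}."""
    pairs = (line.split(None, 1) for line in text.splitlines() if line.strip())
    return {name.strip().lstrip("*"): digest.lower() for digest, name in pairs}


def verify_binaries(evidence_dir, trusted):
    """Label each file match / MISMATCH / unknown; label absent manifest entries missing."""
    root, results = Path(evidence_dir), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        name = path.relative_to(root).as_posix()
        if name not in trusted:
            results[name] = "unknown"  # no trusted reference to compare against
        else:
            results[name] = "match" if sha256_file(path) == trusted[name] else "MISMATCH"
    results.update({n: "missing" for n in trusted.keys() - results.keys()})
    return results


def demo():
    """Constructed sample: stand-in files, one altered after the manifest was built."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ls").write_bytes(b"original ls contents")
        (root / "ps").write_bytes(b"original ps contents")
        manifest = "".join(f"{sha256_file(p)}  {p.name}\n" for p in root.iterdir())
        (root / "ps").write_bytes(b"original ps contents plus unexpected strings")
        (root / "nc").write_bytes(b"file with no trusted reference")
        return verify_binaries(root, parse_manifest(manifest))


if __name__ == "__main__":
    print(demo())
```

In a real investigation the hashing runs against a read-only mount of the forensic image, and the manifest is obtained over a separate, trusted channel rather than from the compromised host.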


Contribute your Thoughts:

Irma
3 months ago
Not sure about these options, feels like there's more to it.
upvoted 0 times
...
Jeanice
3 months ago
Surprised no one mentioned D, whitelisting is super effective!
upvoted 0 times
...
Evangelina
4 months ago
C seems like a quick fix, but it might miss some threats.
upvoted 0 times
...
Leonardo
4 months ago
I think B is better, checking digital signatures is key.
upvoted 0 times
...
Van
4 months ago
Definitely A, validating hashes is crucial.
upvoted 0 times
...
Dante
4 months ago
I vaguely recall something about only allowing approved binaries to execute, but that seems more like a preventive measure than a response to this situation.
upvoted 0 times
...
Georgene
4 months ago
Running an antivirus seems like a good idea, but I feel like we should confirm the binaries' legitimacy first.
upvoted 0 times
...
Yvette
5 months ago
I remember a practice question where we had to check digital signatures first, so maybe option B is the right choice here.
upvoted 0 times
...
Ma
5 months ago
I think validating the binaries' hashes is important, but I'm not sure if that's the immediate next step.
upvoted 0 times
...
Scot
5 months ago
This seems like a straightforward configuration task, but I want to double-check the details to make sure I don't miss anything important.
upvoted 0 times
...
Emerson
5 months ago
Based on my understanding, if the ports aren't responding, that means they're in a closed state, not filtered. The XMAS scan should be able to detect closed ports. I'll double-check that, but I think the answer is C.
upvoted 0 times
...
Gwenn
5 months ago
I remember reading about how consensus algorithms like Proof of Work contribute to security, but I can't recall how they relate to anonymity specifically.
upvoted 0 times
...