Exam CS0-003 Topic 3 Question 428 Discussion
Actual exam question for CompTIA's CS0-003 exam
Question #: 428
Topic #: 3
Question #: 428
Topic #: 3
A security analyst at example.com receives SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:
Packet capture:

TCP stream:

Which of the following actions should the security analyst take NEXT?
Packet capture:

TCP stream:

Which of the following actions should the security analyst take NEXT?
Suggested Answer: B Vote an answer
Anytime we receive alerts/offenses that appears to be a potential scan (interna/external), we already verify with the app owner/client if this was expected activity.
We never close a ticket without confirmation, even its from an approved source.
We never close a ticket without confirmation, even its from an approved source.
by Augustine at Jun 03, 2025, 06:19 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).