CompTIA CySA+ (CS0-003) — Question 15
While reviewing web server logs, an analyst notices several entries with the same timestamps, all of which contain odd characters in the request line. Which of the following steps should be taken next?
Answer options
- A. Shut the network down immediately and call the next person in the chain of command.
- B. Determine what attack the odd characters are indicative of.
- C. Utilize the correct attack framework and determine what the incident response will consist of.
- D. Notify the local law enforcement for incident response.
Correct answer: B
Explanation
The correct answer is B because identifying the type of attack the odd characters indicate is crucial for determining the appropriate response. Shutting down the network or notifying law enforcement without understanding the nature of the threat may lead to unnecessary actions or escalation. Utilizing an attack framework is also important, but it comes after understanding what the attack entails.