CompTIA CySA+ (CS0-003) — Question 356

A SOC analyst is reviewing the weekly EDR report. The report shows that the same application was blocked once every 24 hours. Which of the following tools should the analyst use to further investigate the incident?

Answer options

Correct answer: C

Explanation

The correct answer is C, Task Scheduler. A block that recurs once every 24 hours points to something launching the application on a fixed schedule, and Task Scheduler lets the analyst check for any scheduled task that triggers the application at that interval. The other options, while useful for different purposes, do not provide the functionality needed to investigate scheduled application behavior.