CompTIA CySA+ (CS0-003) — Question 452

A SOC team lead occasionally collects some DNS information for investigations. The team lead assigns this task to a new junior analyst. Which of the following is the best way to relay the process information to the junior analyst?

Answer options

• A. Ask another team member to demonstrate their process.
• B. Email a link to a website that shows someone demonstrating a similar process.
• C. Let the junior analyst research and develop a process.
• D. Write a step-by-step document on the team wiki outlining the process.

Correct answer: D

Explanation

Writing a step-by-step document on the team wiki is the best approach as it provides clear, structured guidance that the junior analyst can refer back to whenever needed. Asking another team member to demonstrate may not be as effective since it relies on the availability and willingness of others. Sending a link may lead to confusion if the website content is not aligned with the specific needs of the team. Allowing the analyst to research independently could result in inconsistencies and a lack of standardization in the process.