Topic: CS0-003 topic 1 question 224

A security analyst is responding to an incident that involves a malicious attack on a network data closet. Which of the following best explains how the analyst should properly document the incident?

A. Back up the configuration file for all network devices.
B. Record and validate each connection.
C. Create a full diagram of the network infrastructure.
D. Take photos of the impacted items.

Re: CS0-003 topic 1 question 224

Taking photos is a direct way to document the physical state of the impacted items after an incident. This can provide an immediate and clear visual record of the scene as it was found, which can be crucial for subsequent investigations and for understanding what occurred. This documentation can be especially valuable if there is any physical damage or if there are indicators of how the attackers gained access or what they might have done while inside.

Re: CS0-003 topic 1 question 224

In the context of a malicious attack on a network data closet, recording and validating each connection (Option B) would be crucial for understanding the scope of the incident, identifying potential points of compromise, and facilitating remediation efforts.

Re: CS0-003 topic 1 question 224

I am not quite sure I understand the question. Taking photos only makes sense if it was a physical attack on the closet. Does that happen?

Re: CS0-003 topic 1 question 224

Same here. I took it to mean a physical attack, so photos was the best answer. Question could be a bit more specific though.

Re: CS0-003 topic 1 question 224

I understand the confusion. They are talking about a network and a malicious attack, so we assume it is logical. However, it is mentioned that a network data closet (a physical room in a building) was maliciously attacked, i.e., cables ripped, hardware devices snatched or broken. This is a physical attack that happened to a network data room. Pictures can be taken with a camera for investigation. Hope this helps.