Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having plenty of space recently. Ann claims she not downloaded anything. The security team obtains the laptop and begins to investigate, noting the following:
✑ File access auditing is turned off.
When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling
 
up the available drive space.
✑ All processes running appear to be legitimate processes for this user and machine.
✑ Network traffic spikes when the space is cleared on the laptop.
✑ No browser is open.
Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

A. Delete the temporary files, run an Nmap scan, and utilize Burp Suite.

B. Disable the network connection, check Sysinternals Process Explorer, and review netstat output.

C. Perform a hard power down of the laptop, take a dd image, and analyze with FTK.

D. Review logins to the laptop, search Windows Event Viewer, and review Wireshark captures.








 

Suggested Answer: B





This question is in CS0-001 CompTIA Cybersecurity Analyst (CySA+) Exam
For getting CompTIA Cybersecurity Analyst (CySA+) Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.