While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk. The analyst sees the following on the laptop's screen:
[*] [NBT-NS] Poisoned answer sent to 192.169.23.115 for name FILE-SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.115
[SMBv2] NTLMv2-SSP Username : CORPjsmith
[SMBv2] NTLMv2-SSP Hash : F5DBF769CFEA7...
[*] [NBT-NS] Poisoned answer sent to 192.169.23.24 for name FILE-SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.24
[SMBv2] NTLMv2-SSP Username : CORPprogers
[SMBv2] NTLMv2-SSP Hash : 6D093BE2FDD70A...
Which of the following is the BEST action for the security analyst to take?

A. Force all users in the domain to change their passwords at the next login.

B. Disconnect the laptop and ask the users jsmith and progers to log out.

C. Take the FILE-SHARE-A server offline and scan it for viruses.

D. Initiate a scan of devices on the network to find password-cracking tools.








 

Suggested Answer: C

Community Answer: B



This question is in CS0-002 CompTIA Cybersecurity Analyst (CySA+) Exam
For getting CompTIA Cybersecurity Analyst (CySA+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.