CS0-003 Incident Response and Management • Timed 20 Questions
This is a timed practice session. You have 20 minutes to answer 20 questions — approximately 1 minute per question, matching real CS0-003 exam pace. Answer every question before time expires.
Time remaining
20:00
Exam-pace drill
Allow 1 minute per question. On the real CS0-003 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
During the detection and analysis phase of the NIST SP 800-61 incident response lifecycle, an analyst identifies suspicious network traffic from an internal host to a known malicious IP address. Which step should the analyst perform next to validate the alert?