CS0-003 Domain 3: Incident Response and Management

Which phishing IR collects headers and URLs?

Multiple choice — select one answer

Answer choices

  1. a. Email forensics preserving headers
  2. b. Disconnect from network / EDR isolate
  3. c. Incident chronology / war room notes
  4. d. Isolated lab sandbox network

Architectural breakdown & explanation

Headers reveal sending infrastructure.

Correct answer(s): a. Email forensics preserving headers

Exam domain: Domain 3: Incident Response and Management (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA CySA+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.