Comptia (CS0-002) Exam Questions And Answers page 12
An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?
Remove the NIC from the virtual machine.
Shut down the virtual machine.
Pause the virtual machine.
Cyber Incident Response
An analyst has been asked to provide feedback regarding the controls required by a revised regulatory framework. At this time, the analyst only needs to focus on the technical controls.
Which of the following should the analyst provide an assessment of?
Tokenization of sensitive data
Establishment of data classifications
Reporting on data retention and purging activities
Formal identification of data ownership
Execution of NDAs
Security Architecture and Tool Sets
Cybersecurity Tool Sets
Understanding attack vectors and integrating intelligence sources are important components of:
a vulnerability management plan.
proactive threat hunting.
risk management compliance.
an incident response plan.
Threat Management
Cyber Incident Response
A security analyst receives a CVE bulletin, which lists several products that are used in the enterprise. The analyst immediately deploys a critical security patch. Which of the following BEST describes the reason for the analyst's immediate action?
Nation-state hackers are targeting the region.
A new vulnerability was discovered by a vendor.
A known exploit was discovered.
A new zero-day threat needs to be addressed.
There is an insider threat.
Threat Management
Cyber Incident Response
A security analyst is reviewing the following log entries to identify anomalous activity:
Which of the following attack types is occurring?
Directory traversal
SQL injection
Buffer overflow
Cross-site scripting
Threat Management
Security Architecture and Tool Sets
An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.
Which of the following should be considered FIRST prior to disposing of the electronic data?
Sanitization policy
Data sovereignty
Encryption policy
Retention standards
Cybersecurity Tool Sets
Compliance and Assessment
A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?
Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested.
Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried.
Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443.
Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information.
Threat Management
Cyber Incident Response
A security analyst is reviewing the following DNS logs as part of security-monitoring activities:
Which of the following MOST likely occurred?
The attack used an algorithm to generate command and control information dynamically
The attack attempted to contact www.google.com to verify Internet connectivity
The attack used encryption to obfuscate the payload and bypass detection by an IDS
The attack caused an internal host to connect to a command and control server
Security Operations and Monitoring
A bad actor bypasses authentication and reveals all records in a database through an SQL injection. Implementation of which of the following would work BEST to prevent similar attacks in the future?
Strict input validation
Blacklisting
SQL patching
Content filtering
Output encoding
Threat Management
Cyber Incident Response
A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame.
Which of the following is the MOST likely cause of this issue?
A password-spraying attack was performed against the organization.
A DDoS attack was performed against the organization.
This was normal shift work activity; the SIEM's AI is learning.
A credentialed external vulnerability scan was performed.
Threat Management
Cyber Incident Response