CompTIA (CS0-002) Exam Questions and Answers, page 12

An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?
Cyber Incident Response
An analyst has been asked to provide feedback regarding the controls required by a revised regulatory framework. At this time, the analyst only needs to focus on the technical controls.

Which of the following should the analyst provide an assessment of?
Security Architecture and Tool Sets / Cybersecurity Tool Sets
Understanding attack vectors and integrating intelligence sources are important components of:
Threat Management / Cyber Incident Response
A security analyst receives a CVE bulletin that lists several products used in the enterprise. The analyst immediately deploys a critical security patch. Which of the following BEST describes the reason for the analyst's immediate action?
Threat Management / Cyber Incident Response
A security analyst is reviewing the following log entries to identify anomalous activity:

[log entries shown as an image in the original; not reproduced here]

Which of the following attack types is occurring?
Threat Management / Security Architecture and Tool Sets
An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.

Which of the following should be considered FIRST prior to disposing of the electronic data?
Cybersecurity Tool Sets / Compliance and Assessment
A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?
Threat Management / Cyber Incident Response
A security analyst is reviewing the following DNS logs as part of security-monitoring activities:

[DNS log entries shown as an image in the original; not reproduced here]

Which of the following MOST likely occurred?
Security Operations and Monitoring
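The two preceding questions both turn on reading DNS logs that the organization already collects. Checking those logs is also the passive approach to the threat-feed question: resolving or browsing to the listed domains yourself would touch the adversary's infrastructure, whereas searching resolver logs (or passive DNS data) does not. The block below is an added example, not part of the original page or of any exam answer key; the indicator domains, the BIND-style query-log format and the log lines are all constructed for illustration. It matches on label boundaries so that a lookalike such as `notexfil-example.test` does not false-positive against `exfil-example.test`.

```python
"""Search collected DNS resolver logs for queries to threat-feed domains.

Added example. The feed domains and log lines below are constructed;
the format mimics a BIND query log but is not taken from the page.
"""
import re
from collections import defaultdict

# Constructed indicators, as a threat feed might publish them (not real IOCs).
FEED_DOMAINS = {"exfil-example.test", "drop.example.invalid"}

# Constructed BIND-style query log lines.
SAMPLE_LOG = """\
12-Mar-2021 09:14:02.113 client 10.1.4.22#51234: query: www.example.com IN A + (10.1.0.5)
12-Mar-2021 09:14:05.771 client 10.1.4.22#51240: query: data.exfil-example.test IN A + (10.1.0.5)
12-Mar-2021 09:14:09.020 client 10.1.7.9#40011: query: mail.example.com IN MX + (10.1.0.5)
12-Mar-2021 09:15:41.502 client 10.1.4.22#51301: query: notexfil-example.test IN A + (10.1.0.5)
12-Mar-2021 09:16:00.004 client 10.1.9.3#33000: query: drop.example.invalid IN TXT + (10.1.0.5)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+)"
)


def domain_matches(qname, feed):
    """Return the feed domain that qname equals or is a subdomain of, else None.

    A plain substring test would also match 'notexfil-example.test', so the
    comparison is done on label boundaries ('.' + domain).
    """
    q = qname.rstrip(".").lower()
    for d in feed:
        d = d.lower()
        if q == d or q.endswith("." + d):
            return d
    return None


def find_hits(log_text, feed=FEED_DOMAINS):
    """Parse each query-log line and keep those that match a feed domain."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # skip lines that are not query records
        matched = domain_matches(m["qname"], feed)
        if matched:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "qname": m["qname"],
                "qtype": m["qtype"],
                "indicator": matched,
            })
    return hits


def hosts_by_indicator(hits):
    """Group the internal client IPs that queried each indicator."""
    out = defaultdict(set)
    for h in hits:
        out[h["indicator"]].add(h["client"])
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["client"]} -> {h["qname"]} ({h["qtype"]}) '
              f'matches {h["indicator"]}')
    print(hosts_by_indicator(hits))
```

Running it over the constructed lines reports two matching queries from two internal hosts; the `notexfil-example.test` lookup is correctly ignored. Unusual record types (the TXT query here) are worth surfacing separately, since TXT and long subdomain labels are common carriers for DNS-based exfiltration.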
A bad actor bypasses authentication and reveals all records in a database through an SQL injection. Implementation of which of the following would work BEST to prevent similar attacks in the future?
Threat Management / Cyber Incident Response
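To make the bypass in the preceding question concrete, the block below is an added example (not part of the original page) that builds an in-memory SQLite table and runs the same attacker input through a query assembled by string concatenation and through a parameterized query. The `users` table, the credentials, the `' OR 1=1 --` payload and the function names are all constructed for the example; SHA-256 stands in for a proper password KDF only to keep the example short.

```python
"""Authentication bypass through SQL injection, beside the parameterized
query that closes it. Added example with a constructed users table."""
import hashlib
import sqlite3


def pw_hash(password):
    # Placeholder for a real password KDF (bcrypt/scrypt/Argon2); SHA-256
    # is used here only so the example stays self-contained.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db():
    """Create an in-memory database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)"
    )
    for uid, name, pw in [(1, "alice", "correct horse"),
                          (2, "bob", "battery staple")]:
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (uid, name, pw_hash(pw)))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: untrusted input is spliced into the SQL text.

    With username = "' OR 1=1 --" the query becomes
      ... WHERE username = '' OR 1=1 --' AND pw_hash = '...'
    so the password check is commented out and every row is returned.
    """
    sql = (
        f"SELECT id, username FROM users "
        f"WHERE username = '{username}' AND pw_hash = '{pw_hash(password)}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the driver sends the values separately from the
    SQL text, so the payload is compared as a literal username and matches
    nothing."""
    sql = "SELECT id, username FROM users WHERE username = ? AND pw_hash = ?"
    return conn.execute(sql, (username, pw_hash(password))).fetchall()


if __name__ == "__main__":
    db = build_db()
    payload = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(db, payload, "anything"))
    print("parameterized:", login_safe(db, payload, "anything"))
    print("legit:", login_safe(db, "alice", "correct horse"))
```

The vulnerable path returns both rows for a wrong password; the parameterized path returns an empty list for the same input and still authenticates a valid user. Input validation and least-privilege database accounts are useful defence in depth, but only parameterization (or an equivalent prepared-statement mechanism) removes the underlying confusion between data and query text.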
A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame.

Which of the following is the MOST likely cause of this issue?
Threat Management / Cyber Incident Response
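The pattern in the preceding question (a low, uniform number of attempts against every account in a short window, from sources outside the users' normal locations) is characteristic of password spraying, which is built to stay under per-account lockout thresholds. The block below is an added example, not part of the original page, showing how an analyst would tell that pattern apart from a brute-force attack on a single account in web-mail authentication logs. The log format, account names, IP addresses and thresholds are constructed for illustration.

```python
"""Classify web-mail authentication failures as password spraying versus
brute force, and flag successes from spraying sources. Added example over
constructed log records."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed records: timestamp, source IP, account, result.
SAMPLE_EVENTS = """\
2021-03-12T03:01:10Z 203.0.113.45 alice@corp.example FAIL
2021-03-12T03:01:12Z 203.0.113.45 bob@corp.example FAIL
2021-03-12T03:01:13Z 203.0.113.45 carol@corp.example FAIL
2021-03-12T03:01:15Z 203.0.113.45 dave@corp.example FAIL
2021-03-12T03:31:10Z 198.51.100.7 alice@corp.example FAIL
2021-03-12T03:31:12Z 198.51.100.7 bob@corp.example FAIL
2021-03-12T03:31:13Z 198.51.100.7 carol@corp.example FAIL
2021-03-12T03:31:15Z 198.51.100.7 dave@corp.example SUCCESS
2021-03-12T08:15:00Z 10.1.4.22 alice@corp.example SUCCESS
"""

# Constructed directory listing; in practice this comes from AD/LDAP.
ALL_ACCOUNTS = ["alice@corp.example", "bob@corp.example",
                "carol@corp.example", "dave@corp.example"]


def parse_events(text):
    """Turn whitespace-separated records into (datetime, ip, account, result)."""
    events = []
    for line in text.splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       ip, account, result))
    return events


def classify(events, all_accounts, start, end,
             min_fraction=0.5, max_per_account=3):
    """Summarize failures in [start, end) and label the activity.

    password_spray: a large share of accounts each saw a few failures.
    brute_force:    at least one account saw many failures.
    Successes from a source that sprayed are reported as likely compromises.
    """
    window = [e for e in events if start <= e[0] < end]
    failures = [e for e in window if e[3] == "FAIL"]

    per_account = Counter(acct for _, _, acct, _ in failures)
    accounts_by_source = defaultdict(set)
    for _, ip, acct, _ in failures:
        accounts_by_source[ip].add(acct)

    coverage = len(per_account) / len(all_accounts)
    peak = max(per_account.values(), default=0)
    if coverage >= min_fraction and peak <= max_per_account:
        verdict = "password_spray"
    elif peak > max_per_account:
        verdict = "brute_force"
    else:
        verdict = "none"

    spray_sources = {ip for ip, accts in accounts_by_source.items()
                     if len(accts) / len(all_accounts) >= min_fraction}
    compromised = sorted({acct for _, ip, acct, r in window
                          if r == "SUCCESS" and ip in spray_sources})
    return {
        "verdict": verdict,
        "accounts_targeted": len(per_account),
        "attempts_per_account": dict(per_account),
        "spray_sources": sorted(spray_sources),
        "successes_from_spray_sources": compromised,
    }


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    report = classify(evts, ALL_ACCOUNTS,
                      datetime(2021, 3, 12, 3, 0), datetime(2021, 3, 12, 4, 0))
    for k, v in report.items():
        print(f"{k}: {v}")
```

On the constructed data every account saw one or two failures within the hour from two external sources, which the function labels as spraying, and it singles out the one account that then authenticated successfully from a spraying source as the account to reset and investigate first. Tuning note: `min_fraction` and `max_per_account` should be set below the organization's lockout policy, since a sprayer will deliberately stay under that threshold.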