
CompTIA (CS0-002) Exam Questions and Answers, page 14

A Chief Security Officer (CSO) is working on the communication requirements for an organization's incident response plan. In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?
Cyber Incident Response, Cybersecurity Tool Sets
After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following firewall logs to determine how the breach occurred:
[The firewall log excerpt was shown as an image on the original page and is not reproduced here.]
Which of the following IP addresses does the analyst need to investigate further?
Security Operations and Monitoring
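The log image is missing, but the analysis the question calls for is straightforward to show in code: sum the bytes each internal host sent to each external destination over the window and rank the pairs. The following is an added example, not part of the original page; the log lines are constructed (a simplified "timestamp action src dst dport bytes" export, with RFC 5737 documentation addresses standing in for external hosts) and the internal ranges are assumed to be the RFC 1918 blocks. Denied flows and internal-to-internal transfers are deliberately excluded, since neither moved data out of the network.

```python
"""Rank firewall log entries by outbound volume to find a likely exfiltration path.

Added example; not from the original page. parse_line() expects the constructed
format below; adapt it to your firewall's export schema.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space (RFC 1918); adjust to the organisation's ranges.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Constructed sample log lines: timestamp action src dst dport bytes_out
SAMPLE_LOGS = """\
2023-03-01T02:10:01Z ALLOW 10.0.5.23 203.0.113.7 443 614400
2023-03-01T02:10:04Z ALLOW 10.0.5.23 203.0.113.7 443 2097152
2023-03-01T02:11:30Z ALLOW 10.0.5.41 198.51.100.9 443 5120
2023-03-01T02:12:00Z DENY 10.0.5.23 203.0.113.7 22 0
2023-03-01T02:12:07Z ALLOW 10.0.5.23 203.0.113.7 443 734003200
2023-03-01T02:13:15Z ALLOW 10.0.5.88 10.0.9.12 445 104857600
2023-03-01T02:14:00Z ALLOW 10.0.5.41 198.51.100.9 80 2048
"""

def is_internal(ip):
    """True if ip falls inside one of the assumed internal networks."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_line(line):
    """Return (action, src, dst, dport, bytes_out) from one constructed log line."""
    _ts, action, src, dst, dport, nbytes = line.split()
    return action, src, dst, int(dport), int(nbytes)

def outbound_volume(logs):
    """Sum bytes of ALLOWed flows from an internal source to an external destination.

    The 100 MB SMB copy between two internal hosts is skipped: it may be staging,
    but it is not exfiltration by itself. DENY lines moved no data and are skipped.
    """
    totals = defaultdict(int)
    for line in logs.splitlines():
        if not line.strip():
            continue
        action, src, dst, _dport, nbytes = parse_line(line)
        if action != "ALLOW":
            continue
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst)] += nbytes
    return dict(totals)

def top_exfil_candidates(logs, n=3):
    """Return up to n (src, dst, total_bytes) tuples, largest outbound volume first."""
    ranked = sorted(outbound_volume(logs).items(), key=lambda kv: kv[1], reverse=True)
    return [(src, dst, total) for (src, dst), total in ranked[:n]]

if __name__ == "__main__":
    for src, dst, total in top_exfil_candidates(SAMPLE_LOGS):
        print(f"{src} -> {dst}: {total / 2**20:.1f} MiB")
```

Both addresses in the top pair matter: the internal source tells you which host to image, and the external destination is what you block and pivot on in proxy, DNS and NetFlow data.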
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries the logs for IP 192.168.50.2 over a 24-hour period:

[The query results were shown as an image on the original page and are not reproduced here.]
To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and __________.
Threat Management, Security Architecture and Tool Sets
A security analyst needs to obtain the footprint of the network. The footprint must identify the following information:

• TCP and UDP services running on a targeted system
• Types of operating systems and versions
• Specific applications and versions

Which of the following tools should the analyst use to obtain the data?
Security Architecture and Tool Sets, Cybersecurity Tool Sets
A forensic analyst took an image of a workstation that was involved in an incident. To BEST ensure the image is not tampered with, the analyst should use:
Cyber Incident Response, Security Architecture and Tool Sets
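The standard way to prove an image is unchanged is to hash it at acquisition, record the digest in the chain-of-custody documentation, and re-hash before every examination. The following is an added example, not part of the original page: it hashes a file in fixed-size chunks (images are usually far larger than RAM), writes a sha256sum-compatible sidecar, and shows that flipping a single byte is detected. The image file and its name are constructed for the demonstration, not a real acquisition.

```python
"""Record and verify the integrity hash of a forensic disk image.

Added example; not from the original page. The digest should be stored in the
case record as well as beside the image, otherwise an attacker who can alter
the image can alter the sidecar too.
"""
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads keep memory use flat for multi-GB images

def hash_file(path, algo="sha256"):
    """Return the hex digest of the file at path using hashlib algorithm algo."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def record_hash(path, algo="sha256"):
    """Write '<digest>  <basename>' to path.<algo> (same format as sha256sum)."""
    digest = hash_file(path, algo)
    sidecar = f"{path}.{algo}"
    with open(sidecar, "w") as f:
        f.write(f"{digest}  {os.path.basename(path)}\n")
    return sidecar

def verify_image(path, algo="sha256"):
    """Return True only if the image's current digest equals the recorded one."""
    with open(f"{path}.{algo}") as f:
        recorded = f.read().split()[0]
    return hash_file(path, algo) == recorded

def demo():
    """Create a constructed 3 MiB 'image', verify it, flip one byte, verify again.

    Returns (verified_before_tamper, verified_after_tamper).
    """
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "workstation.dd")  # constructed file, random content
        with open(image, "wb") as f:
            f.write(os.urandom(3 * CHUNK))
        record_hash(image)
        before = verify_image(image)
        # Tamper with a single byte deep inside the image.
        offset = 2 * CHUNK + 17
        with open(image, "r+b") as f:
            f.seek(offset)
            original = f.read(1)
            f.seek(offset)
            f.write(bytes([original[0] ^ 0xFF]))
        after = verify_image(image)
    return before, after

if __name__ == "__main__":
    print(demo())
```

In practice the acquisition is done through a write blocker and the hash is taken from the source media as well as the image so the two can be compared; SHA-256 is preferred over MD5, whose collisions are practical, though many tools still emit both.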
A security manager has asked an analyst to provide feedback on the results of a penetration test. After reviewing the results, the manager requests information regarding the possible exploitation of vulnerabilities. Which of the following data points would be MOST useful for the analyst to provide to the security manager, who would then communicate the risk factors to senior management? (Choose two.)
Threat Management, Cyber Incident Response
A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?
Cybersecurity Tool Sets, Compliance and Assessment
An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM that built the controller is no longer in operation. The analyst documents the activities and verifies that these actions prevent remote exploitation of the vulnerability.

Which of the following would be the MOST appropriate to remediate the controller?
Threat Management, Security Operations and Monitoring
A security analyst scanned an internal company subnet and discovered a host with the following Nmap output.
[The Nmap output was shown as an image on the original page and is not reproduced here.]
Based on the output of this Nmap scan, which of the following should the analyst investigate FIRST?
Security Operations and Monitoring
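The footprinting question above (open TCP and UDP services, OS and version, application and version) and this Nmap question are served by the same workflow: run Nmap with SYN and UDP port scans, service/version detection and OS detection, save the XML (`nmap -sS -sU -sV -O -oX scan.xml <target>`), then pull the three data points out of the XML. The following is an added example, not part of the original page; the XML is a constructed sample shaped like real `-oX` output, and the scanned host, ports and versions are illustrative only. Only elements Nmap actually emits (host/address, ports/port/state/service, os/osmatch) are read.

```python
"""Extract a network footprint (open TCP/UDP services, OS guess, product and
version) from Nmap XML output.

Added example; not from the original page. SAMPLE_XML is constructed.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -sV -O -oX scan.xml 10.0.5.23">
  <host>
    <address addr="10.0.5.23" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.6"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open"/>
        <service name="http-proxy"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="filtered"/>
        <service name="telnet"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open"/>
        <service name="snmp" product="net-snmp" version="5.7.2"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 3.10 - 4.11" accuracy="95"/>
      <osmatch name="Linux 3.2 - 4.9" accuracy="92"/>
    </os>
  </host>
</nmaprun>
"""

def footprint(xml_text):
    """Return one dict per host: IPv4 address, best OS match, list of open services."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        services = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not running services
            svc = port.find("service")
            services.append({
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "name": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        # Nmap lists osmatch elements best-first; sort by accuracy anyway.
        matches = sorted(host.iter("osmatch"),
                         key=lambda m: int(m.get("accuracy", 0)), reverse=True)
        hosts.append({
            "addr": addr.get("addr") if addr is not None else None,
            "os": matches[0].get("name") if matches else None,
            "services": services,
        })
    return hosts

def unidentified_services(host_fp):
    """Open services -sV could not fingerprint; these need manual banner grabs."""
    return [s for s in host_fp["services"] if not s["product"]]

if __name__ == "__main__":
    for h in footprint(SAMPLE_XML):
        print(h["addr"], h["os"])
        for s in h["services"]:
            print(f"  {s['proto']}/{s['port']} {s['name']} {s['product']} {s['version']}")
```

Filtered ports are dropped because a filtered state means a firewall is in the path, not that a service is listening; services that come back without a product string are the gaps in the footprint and are worth a manual connection before any conclusions are drawn.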
A security analyst reviews SIEM logs and detects a well-known malicious executable running on a Windows machine. The up-to-date antivirus cannot detect the malicious executable. Which of the following is the MOST likely cause of this issue?
Threat Management, Cyber Incident Response