
Comptia (CS0-002) Exam Questions And Answers page 16

A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.

Which of the following BEST describes this attack?
Cyber Incident Response Security Operations and Monitoring
A Chief Executive Officer (CEO) is concerned about the company's intellectual property being leaked to competitors. The security team performed an extensive review but did not find any indication of an outside breach. The data sets are currently encrypted using the Triple Data Encryption Algorithm. Which of the following courses of action is appropriate?
Threat Management Cybersecurity Tool Sets
A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.

Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?
Threat Management
In response to a potentially malicious email that was sent to the Chief Financial Officer (CFO), an analyst reviews the logs and identifies a questionable attachment using a hash comparison. The logs also indicate the attachment was already opened. Which of the following should the analyst do NEXT?
Cyber Incident Response Security Architecture and Tool Sets
As part of a review of incident response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?
Cyber Incident Response
Which of the following sources will provide the MOST relevant threat intelligence data to the security team of a dental care network?
Threat Management
Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?
Cyber Incident Response
A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called packetCapture. The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed. Which of the following commands will BEST accomplish the analyst's objectives?
Security Operations and Monitoring
An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below.


Which of the following conclusions is supported by the application log?
Threat Management Cyber Incident Response
Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?
Threat Management Security Operations and Monitoring