Comptia (CS0-002) Exam Questions And Answers page 16
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.
Which of the following BEST describes this attack?
Memory corruption
Denial of service
Array attack
Cyber Incident Response
Security Operations and Monitoring
A Chief Executive Officer (CEO) is concerned about the company's intellectual property being leaked to competitors. The security team performed an extensive review but did not find any indication of an outside breach. The data sets are currently encrypted using the Triple Data Encryption Algorithm. Which of the following courses of action is appropriate?
Limit all access to the sensitive data based on geographic access requirements with strict role-based access controls.
Enable data masking and reencrypt the data sets using AES-256.
Ensure the data is correctly classified and labeled, and that DLP rules are appropriate to prevent disclosure.
Use data tokenization on sensitive fields, reencrypt the data sets using AES-256, and then create an MD5 hash.
Threat Management
Cybersecurity Tool Sets
A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.
Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?
Attack vectors
Adversary capability
Diamond Model of Intrusion Analysis
Kill chain
Total attack surface
Threat Management
In response to a potentially malicious email that was sent to the Chief Financial Officer (CFO), an analyst reviews the logs and identifies a questionable attachment using a hash comparison. The logs also indicate the attachment was already opened. Which of the following should the analyst do NEXT?
Create a sinkhole to block the originating server.
Utilize the EDR platform to isolate the CFO's machine.
Perform malware analysis on the attachment.
Reimage the CFO's laptop.
Cyber Incident Response
Security Architecture and Tool Sets
As part of a review of incident response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?
Organizational policies
Vendor requirements and contracts
Service-level agreements
Legal requirements
Cyber Incident Response
Which of the following sources will provide the MOST relevant threat intelligence data to the security team of a dental care network?
H-ISAC
Dental forums
Open threat exchange
Dark web chatter
Threat Management
Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?
Red-team analysis
Escalation process and procedures
Triage and analysis
Communications plan
Cyber Incident Response
A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called packetCapture. The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed. Which of the following commands will BEST accomplish the analyst's objectives?
nmap -oA > packetCapture
tcpdump -w packetCapture
tcpdump -a packetCapture
tcpdump -n packetCapture
nmap -v > packetCapture
Security Operations and Monitoring
An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below.
Which of the following conclusions is supported by the application log?
An attacker was attempting to perform a DoS attack against the server
An attacker was attempting to download files via a remote command execution vulnerability
An attacker was attempting to perform a buffer overflow attack to execute a payload in memory
An attacker was attempting to perform an XSS attack via a vulnerable third-party library
Threat Management
Cyber Incident Response
Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?
Code of conduct policy
Account management policy
Password policy
Acceptable use policy
Threat Management
Security Operations and Monitoring