CompTIA (CS0-002) Exam Questions and Answers, page 19

A critical server was compromised by malware, and all functionality was lost. Backups of this server were taken; however, management believes a logic bomb may have been injected by a rootkit. Which of the following should a security analyst perform to restore functionality quickly?
Cyber Incident Response, Cybersecurity Tool Sets
An organization has the following risk mitigation policy:

• Risks with a probability of 95% or greater will be addressed before all others regardless of the impact.
• All other prioritization will be based on risk value.

The organization has identified the following risks:


Which of the following is the order of priority for risk mitigation from highest to lowest?
Threat Management, Security Architecture and Tool Sets
A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.

Which of the following BEST describes the security analyst's goal?
Threat Management, Cybersecurity Tool Sets
While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal. Which of the following would be BEST to prevent this type of attack from being successful?
Threat Management, Cyber Incident Response
A managed security service provider (MSSP) has alerted a user that an account was added to the local administrator group for the servers named EC2AMAZ-HG87B4 and EC2AMAZ-B643M2. A security analyst logs in to the cloud provider's graphical user interface to determine the IP addresses of the servers and sees the following data:


Which of the following changes to the current architecture would work BEST to help the analyst to troubleshoot future alerts?
Security Operations and Monitoring
A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.

Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)
Cyber Incident Response, Cybersecurity Tool Sets
A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities:

APT X's approach to a target would be sending a phishing email to the target after conducting active and passive reconnaissance. Upon successful compromise, APT X conducts internal reconnaissance and attempts to move laterally by utilizing existing resources. When APT X finds data that aligns to its objectives, it stages and then exfiltrates data sets in sizes that can range from 1GB to 5GB. APT X also establishes several backdoors to maintain a C2 presence in the environment.

In which of the following phases is this APT MOST likely to leave discoverable artifacts?
Threat Management, Cyber Incident Response
SIMULATION

You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.

The company's hardening guidelines indicate the following:

• TLS 1.2 is the only version of TLS running.
• Apache 2.4.18 or greater should be used.
• Only default ports should be used.

INSTRUCTIONS

Using the supplied data, record the status of compliance with the company's guidelines for each server.

The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

Cybersecurity Tool Sets, Security Operations and Monitoring
A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the BEST way for the security analyst to respond?
Security Architecture and Tool Sets, Compliance and Assessment
A company's change management team has asked a security analyst to review a potential change to the email server before it is released into production. The analyst reviews the following change request:


Which of the following is the MOST likely reason for the change?
Security Operations and Monitoring