Comptia (CS0-002) Exam Questions And Answers page 21
A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats.
Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?
Log correlation, monitoring, and automated reporting through a SIEM platform
Continuous compliance monitoring using SCAP dashboards
Quarterly vulnerability scanning using credentialed scans
Cyber Incident Response
Security Architecture and Tool Sets
A cybersecurity analyst has access to several threat feeds and wants to organize them while simultaneously comparing intelligence against network traffic.
Which of the following would BEST accomplish this goal?
Continuous integration and deployment
Automation and orchestration
Static and dynamic analysis
Information sharing and analysis
Threat Management
Cybersecurity Tool Sets
A security analyst is reviewing the following log from an email security service.
Which of the following BEST describes the reason why the email was blocked?
The To address is invalid.
The email originated from the www.spamfilter.org URL.
The IP address and the remote server name are the same.
The IP address was blacklisted.
The From address is invalid.
Security Architecture and Tool Sets
Security Operations and Monitoring
A remote code execution vulnerability was discovered in RDP. An organization currently uses RDP for remote access to a portion of its VDI environment. The analyst verified that network-level authentication is enabled. Which of the following is the BEST remediation for this vulnerability?
Verify the threat intelligence feed is updated with the latest solutions.
Verify the system logs do not contain indicators of compromise.
Verify the latest endpoint-protection signature is in place.
Verify the corresponding patch for the vulnerability is installed.
Security Architecture and Tool Sets
Cybersecurity Tool Sets
An analyst is reviewing the following code output of a vulnerability scan:
Which of the following types of vulnerabilities does this MOST likely represent?
An XSS vulnerability
An HTTP response-splitting vulnerability
A credential bypass vulnerability
A carriage-return, line-feed vulnerability
Security Architecture and Tool Sets
Cybersecurity Tool Sets
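The scan output for this item is not reproduced on the page, so the following is an added illustration rather than the exam's own data. It shows how HTTP response splitting arises: a CRLF sequence in untrusted input that lands in a response header lets the attacker close the header block and append a second, fully attacker-controlled response. The redirect handler, the attacker payload and the `count_responses` check are all constructed for this example and are not part of the original page.

```python
"""
Added example, not from the exam page: an HTTP response-splitting (CRLF
injection) flaw in a hypothetical redirect handler, beside the check that
closes it. Every function and sample value here is constructed.
"""

CRLF = "\r\n"


def vulnerable_redirect(location: str) -> bytes:
    """Build a 302 response with the user-supplied 'location' pasted into
    the Location header unchecked (the vulnerable pattern)."""
    response = (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )
    return response.encode("latin-1")


def hardened_redirect(location: str) -> bytes:
    """Same handler, but a header value containing CR or LF is rejected
    outright. Rejecting (rather than stripping) is what mainstream HTTP
    libraries do; Python's http.client, for one, raises ValueError.
    Once the value is known to contain no line breaks, the concatenation
    itself is harmless, so the raw builder can be reused."""
    if "\r" in location or "\n" in location:
        raise ValueError("CR/LF not allowed in header value")
    return vulnerable_redirect(location)


def count_responses(raw: bytes) -> int:
    """Count status lines: one at the start of the stream plus one after
    each blank line that ends a header block. More than one from a single
    handler call means the response was split."""
    return sum(1 for chunk in raw.split(b"\r\n\r\n") if chunk.startswith(b"HTTP/1."))


# Constructed attacker payload, i.e. the URL-decoded form of a query value
# like ?next=http://example.test/%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK...
# The first CRLF pair closes the legitimate 302; what follows is a complete
# fake 200 carrying script, which a proxy cache or browser may treat as the
# real reply for that URL.
INJECTED_BODY = "<script>alert(1)</script>"
ATTACK_LOCATION = (
    "http://example.test/" + CRLF
    + "Content-Length: 0" + CRLF
    + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + f"Content-Length: {len(INJECTED_BODY)}" + CRLF
    + CRLF
    + INJECTED_BODY
)
BENIGN_LOCATION = "http://example.test/home"


def demo() -> dict:
    """Return the observable difference between the two handlers."""
    try:
        hardened_redirect(ATTACK_LOCATION)
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True
    return {
        "benign_responses": count_responses(vulnerable_redirect(BENIGN_LOCATION)),
        "vulnerable_responses": count_responses(vulnerable_redirect(ATTACK_LOCATION)),
        "hardened_rejected": hardened_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The point worth taking from the two handlers: the fix is input validation at the header boundary, not output cleaning. A scanner reports this class of finding when a reflected `%0d%0a` shows up as a new header or a second status line in the raw response, which is exactly what `count_responses` detects on the vulnerable path.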
SIMULATION
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the help desk ticket queue.
INSTRUCTIONS
Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket.
First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from second drop-down menu.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Threat Management
Security Operations and Monitoring
An organization supports a large number of remote users. Which of the following is the BEST option to protect the data on the remote users' laptops?
Require the use of VPNs.
Require employees to sign an NDA.
Implement a DLP solution.
Use whole disk encryption.
Security Operations and Monitoring
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:
Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?
PC1
PC2
Server1
Server2
Firewall
Security Operations and Monitoring
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:
Which of the following lines indicates the computer may be compromised?
Line 1
Line 2
Line 3
Line 4
Line 5
Line 6
Security Operations and Monitoring
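The `netstat -aon` output for this item is not reproduced on the page. As an added illustration that is not part of the exam, the script below runs the kind of first-pass triage the question asks for over a constructed sample: it parses each connection row, numbers the rows the way the answer choices do ("Line 1" is the first connection row, headers excluded), and flags the two indicators an analyst looks for first, an unexpected listening port and an established session to an external address on a non-web port, correlating them by PID. The sample output, the allowlists and the heuristics are assumptions to be tuned to the organization's baseline; they are a starting point for investigation, not a verdict.

```python
"""
Added example, not from the exam page: parse and triage 'netstat -aon'
output. The sample, the expected-port sets and the heuristics are
constructed assumptions for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample; not the output from the exam item.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:49711     198.51.100.10:443      ESTABLISHED     3188
  TCP    192.168.1.20:49730     203.0.113.44:6667      ESTABLISHED     5120
  UDP    0.0.0.0:5353           *:*                                    1604
"""

# Assumption: ports a typical domain-joined Windows workstation listens on.
EXPECTED_LISTEN_PORTS = {135, 139, 445, 3389, 5985}
# Assumption: outbound ports considered normal for web browsing.
EXPECTED_OUTBOUND_PORTS = {80, 443}
# Address space treated as internal (RFC 1918, loopback, unspecified).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")]

# Proto, local, foreign, optional State (absent for UDP), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


@dataclass
class Conn:
    line: int
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int


def split_addr(addr: str):
    """'192.168.1.20:49711' -> ('192.168.1.20', 49711); '*:*' -> ('*', 0)."""
    host, _, port = addr.rpartition(":")
    return host, int(port) if port.isdigit() else 0


def parse_netstat(text: str) -> list:
    """Turn connection rows into Conn records, numbered from 1."""
    conns, n = [], 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner and column-header lines
        n += 1
        proto, local, remote, state, pid = m.groups()
        lip, lport = split_addr(local)
        rip, rport = split_addr(remote)
        conns.append(Conn(n, proto, lip, lport, rip, rport, state or "", int(pid)))
    return conns


def is_external(ip: str) -> bool:
    try:
        a = ipaddress.ip_address(ip)
    except ValueError:
        return False  # '*' or other placeholder
    return not any(a in net for net in INTERNAL_NETS)


def triage(conns: list) -> list:
    """Return (line, reason) pairs for rows worth a closer look."""
    findings, odd_listeners = [], {}
    for c in conns:
        if c.state == "LISTENING" and c.local_port not in EXPECTED_LISTEN_PORTS:
            findings.append((c.line, f"unexpected listener on {c.proto}/{c.local_port} (PID {c.pid})"))
            odd_listeners[c.pid] = c.local_port
    for c in conns:
        if (c.state == "ESTABLISHED" and is_external(c.remote_ip)
                and c.remote_port not in EXPECTED_OUTBOUND_PORTS):
            reason = f"outbound to external {c.remote_ip}:{c.remote_port} (PID {c.pid})"
            if c.pid in odd_listeners:
                reason += f"; same PID also listens on {odd_listeners[c.pid]}"
            findings.append((c.line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(parse_netstat(SAMPLE_NETSTAT)):
        print(f"Line {line}: {reason}")
```

In the constructed sample the flagged rows share a PID, which is the follow-up the analyst would run next (`tasklist /fi "pid eq 5120"` on the host, then the binary path and signer), rather than treating a single odd port as proof of compromise.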
A security analyst is investigating malicious traffic from an internal system that attempted to download proxy-avoidance software, as identified from the firewall logs, but the destination IP was blocked and not captured. Which of the following should the analyst do?
Shut down the computer
Capture live data using Wireshark
Take a snapshot
Determine if DNS logging is enabled
Review the network logs
Threat Management
Cyber Incident Response