CompTIA (CS0-002) Exam Questions And Answers page 24
A security analyst working in the SOC recently discovered instances in which hosts visited a specific set of domains and IPs and became infected with malware. Which of the following is the MOST appropriate action to take in this situation?
Implement an IPS signature for the malware and another signature request to block all the associated domains and IPs
Implement a change request to the firewall setting to not allow traffic to and from the IPs and domains
Implement an IPS signature for the malware and a change request to the firewall setting to not allow traffic to and from the origin IPs subnets and second-level domains
Cyber Incident Response
Security Operations and Monitoring
A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.
Which of the following is a security concern when using a PaaS solution?
The use of infrastructure-as-code capabilities leads to an increased attack surface.
Patching the underlying application server becomes the responsibility of the client.
The application is unable to use encryption at the database level.
Insecure application programming interfaces can lead to data compromise.
Security Operations and Monitoring
A security analyst has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization. The security analyst's BEST response would be to coordinate with the legal department and:
the public relations department
senior leadership
law enforcement
the human resources department
Threat Management
Cyber Incident Response
A security analyst is investigating a system compromise. The analyst verifies the system was up to date on OS patches at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely exploited?
Insider threat
Buffer overflow
Advanced persistent threat
Zero day
Threat Management
Cyber Incident Response
Given the Nmap request below:
Which of the following actions will an attacker be able to initiate directly against this host?
Password sniffing
ARP spoofing
A brute-force attack
An SQL injection
Security Operations and Monitoring
Massivelog.log has grown to 40GB on a Windows server. At this size, local tools are unable to read the file, and it cannot be moved off the virtual server where it is located. Which of the following lines of PowerShell script will allow a user to extract the last 10,000 lines of the log for review?
tail -10000 Massivelog.log > extract.txt
info tail n -10000 Massivelog.log | extract.txt;
get content ./Massivelog.log Last 10000 | extract.txt
get-content ./Massivelog.log Last 10000 > extract.txt;
Security Operations and Monitoring
A security analyst is reviewing the logs from an internal chat server. The chat.log file is too large to review manually, so the analyst wants to create a shorter log file that only includes lines associated with a user demonstrating anomalous activity. Below is a snippet of the log:
Which of the following commands would work BEST to achieve the desired result?
grep -v chatter14 chat.log
grep -i pythonfun chat.log
grep -i javashark chat.log
grep -v javashark chat.log
grep -v pythonfun chat.log
grep -i chatter14 chat.log
Security Operations and Monitoring
Employees of a large financial company are continuously being infected by strains of malware that are not detected by EDR tools. Which of the following is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?
MFA on the workstations
Additional host firewall rules
VDI environment
Hard drive encryption
Network access control
Network segmentation
Threat Management
Cyber Incident Response
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each tool according to the respective vendor's instructions and generated a vulnerability report from a scan run against the same target server.
Tool A reported the following:
Tool B reported the following:
Which of the following BEST describes the method used by each tool? (Choose two.)
Tool A is agent based.
Tool A used fuzzing logic to test vulnerabilities.
Tool A is unauthenticated.
Tool B utilized machine learning technology.
Tool B is agent based.
Tool B is unauthenticated.
Security Operations and Monitoring
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)
Parameterized queries
Session management
Input validation
Output encoding
Data protection
Authentication
Threat Management
Cyber Incident Response