CompTIA (CS0-002) Exam Questions And Answers page 25
A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach.
Which of the following is the BEST mitigation to prevent unauthorized access?
Mandatory access control
Multifactor authentication
Federation
Privileged access management
Threat Management
Cyber Incident Response
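As an added example (not part of the exam page), the following script shows what the analyst in the question above would actually look for in the SIEM data before concluding that breached credentials are being replayed. Credential stuffing and password brute force both produce a spike of failed logins, but they look different per source IP: stuffing tries many distinct usernames with one or two passwords each, brute force hammers one username. The log format, IP addresses, usernames and the 80% distinct-user threshold are all assumptions constructed for this example; the "past breach" determination itself comes from comparing the attempted credentials against a breach corpus, which this script does not do.

```python
"""Separate credential stuffing from brute force in webmail auth logs.

Added example, not from the exam page. The log format is constructed:
  <timestamp> <source_ip> <username> <OK|FAIL>
"""
from collections import defaultdict

# Constructed sample data: one source cycling through many usernames
# (stuffing), one source hammering a single account (brute force),
# and one ordinary user who mistyped a password once.
SAMPLE_AUTH_LOG = """\
2024-05-01T10:00:01Z 203.0.113.5 alice FAIL
2024-05-01T10:00:02Z 203.0.113.5 bob FAIL
2024-05-01T10:00:02Z 203.0.113.5 carol FAIL
2024-05-01T10:00:03Z 203.0.113.5 dave FAIL
2024-05-01T10:00:03Z 203.0.113.5 erin OK
2024-05-01T10:00:04Z 203.0.113.5 frank FAIL
2024-05-01T10:01:00Z 198.51.100.7 admin FAIL
2024-05-01T10:01:01Z 198.51.100.7 admin FAIL
2024-05-01T10:01:02Z 198.51.100.7 admin FAIL
2024-05-01T10:01:03Z 198.51.100.7 admin FAIL
2024-05-01T10:01:04Z 198.51.100.7 admin FAIL
2024-05-01T10:05:00Z 192.0.2.10 grace FAIL
2024-05-01T10:05:10Z 192.0.2.10 grace OK
"""

# Assumed thresholds: ignore sources with fewer than MIN_ATTEMPTS logins;
# call it stuffing when at least STUFFING_RATIO of attempts use a new username.
MIN_ATTEMPTS = 5
STUFFING_RATIO = 0.8


def summarise_sources(log_text):
    """Per source IP: attempt count, distinct usernames, accounts that succeeded."""
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "ok_users": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, ip, user, result = line.split()
        stats = per_ip[ip]
        stats["attempts"] += 1
        stats["users"].add(user)
        if result == "OK":
            stats["ok_users"].add(user)
    return per_ip


def classify_sources(log_text):
    """Map each noisy source IP to 'credential_stuffing' or 'brute_force'."""
    verdicts = {}
    for ip, stats in summarise_sources(log_text).items():
        if stats["attempts"] < MIN_ATTEMPTS:
            continue  # below the noise floor; a single user fat-fingering a password
        distinct_ratio = len(stats["users"]) / stats["attempts"]
        if distinct_ratio >= STUFFING_RATIO:
            verdicts[ip] = "credential_stuffing"
        elif len(stats["users"]) == 1:
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "suspicious"
    return verdicts


def compromised_accounts(log_text):
    """Usernames that logged in successfully from a flagged source: reset these first."""
    flagged = classify_sources(log_text)
    summary = summarise_sources(log_text)
    hits = set()
    for ip in flagged:
        hits.update(summary[ip]["ok_users"])
    return sorted(hits)


if __name__ == "__main__":
    print(classify_sources(SAMPLE_AUTH_LOG))
    print("accounts to reset:", compromised_accounts(SAMPLE_AUTH_LOG))
```

The point of the distinct-username ratio is operational: against credential stuffing, per-account lockout does almost nothing because each account sees only one or two attempts, which is why the durable fix is a second factor on the portal; the `compromised_accounts` list is what you would force-reset and enrol in MFA first.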
An organization used a third party to conduct a security audit and discovered several deficiencies in the cybersecurity program. The findings noted many external vulnerabilities that were not caught by the vulnerability scanning software, numerous weaknesses that allowed lateral movement, and gaps in monitoring that did not detect the activity of the auditors. Based on these findings, which of the following would be the BEST long-term enhancement to the security program?
Quarterly external penetration testing
Monthly tabletop scenarios
Red-team exercises
Audit exercises
Cybersecurity Tool Sets
Compliance and Assessment
An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?
Pause the virtual machine.
Shut down the virtual machine.
Take a snapshot of the virtual machine.
Remove the NIC from the virtual machine.
Review host hypervisor log of the virtual machine.
Execute a migration of the virtual machine.
Cyber Incident Response
An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows:
• Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.
• The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.
• The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?
Improving detection capabilities
Bundling critical assets
Profiling threat actors and activities
Reducing the attack surface area
Threat Management
Cybersecurity Tool Sets
Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?
Deploying HIPS to block malicious ActiveX code
Installing network-based IPS to block malicious ActiveX code
Adjusting the web-browser settings to block ActiveX controls
Configuring a firewall to block traffic on ports that use ActiveX controls
Security Architecture and Tool Sets
Cybersecurity Tool Sets
The Chief Information Officer (CIO) for a large manufacturing organization has noticed a significant number of unknown devices with possible malware infections are on the organization's corporate network. Which of the following would work BEST to prevent the issue?
Reconfigure the NAC solution to prevent access based on a full device profile and ensure antivirus is installed.
Segment the network to isolate all systems that contain highly sensitive information, such as intellectual property.
Implement certificate validation on the VPN to ensure only employees with the certificate can access the company network.
Update the antivirus configuration to enable behavioral and real-time analysis on all systems within the network.
Threat Management
Cyber Incident Response
A security analyst is reviewing the following web server log:
GET %2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd
Which of the following BEST describes the issue?
Directory traversal exploit
Cross-site scripting
SQL injection
Cross-site request forgery
Cyber Incident Response
Cybersecurity Tool Sets
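As an added example (not part of the exam page), here is the detection logic an analyst would run over web server logs to flag request lines like the one above. The trick in that log entry is that `/` is percent-encoded as `%2f`, so a naive search for the literal string `../` misses it; attackers also double-encode (`%252e` decodes to `%2e`, which decodes to `.`) and use backslashes on Windows hosts. The script decodes repeatedly, normalises separators, then checks whether the path climbs above the web root. All log lines below are constructed for the example, and the simplified `<method> <path>` log format is an assumption.

```python
"""Flag directory-traversal attempts in web server request lines.

Added example, not from the exam page. Log format (constructed): "<METHOD> <PATH>".
"""
from urllib.parse import unquote

# Constructed sample lines. Line 2 is the exam's entry (single-encoded '/'),
# line 3 is benign (the '..' never leaves the root), line 4 is double-encoded,
# line 5 uses backslashes as a Windows-style separator.
SAMPLE_LOG = """\
GET /index.html
GET %2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd
GET /images/../images/logo.png
GET /cgi-bin/%252e%252e/%252e%252e/etc/shadow
GET /files/..\\..\\windows\\win.ini
"""


def fully_decode(path, max_rounds=3):
    """Percent-decode until the string stops changing, bounded to avoid loops."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_root(raw_path):
    """True if the decoded, normalised path resolves above the web root."""
    path = fully_decode(raw_path).replace("\\", "/")
    if not path.startswith("/"):
        path = "/" + path
    depth = 0
    for segment in path.split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True  # popped past the root: traversal
        elif segment and segment != ".":
            depth += 1
    return False


def find_traversal(log_text):
    """Return the raw log lines whose request path escapes the web root."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue
        _method, path = parts
        if escapes_root(path):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print("TRAVERSAL:", hit)
```

Note that `/images/../images/logo.png` is not flagged: a `..` is only a problem when it climbs above the root, so counting depth gives fewer false positives than matching the substring. Two caveats for production use: this decoder does not handle overlong UTF-8 encodings such as `%c0%af` (Python's `unquote` turns them into replacement characters rather than `/`), and the real question for incident response is not whether the request was attempted but whether the server answered it with a 200 and the file contents, which means correlating with the response status in the full log line.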
A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:
Which of the following technologies would MOST likely be used to prevent this phishing attempt?
DNSSEC
DMARC
STP
S/IMAP
Threat Management
Cyber Incident Response
A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server.
Which of the following should be done to correct the cause of the vulnerability?
Deploy a WAF in front of the application.
Implement a software repository management tool.
Install a HIPS on the server.
Instruct the developers to use input validation in the code.
Cybersecurity Tool Sets
Compliance and Assessment
During a cyber incident, which of the following is the BEST course of action?
Switch to using a pre-approved, secure, third-party communication system.
Keep the entire company informed to ensure transparency and integrity during the incident.
Restrict customer communication until the severity of the breach is confirmed.
Limit communications to pre-authorized parties to ensure response efforts remain confidential.
Cyber Incident Response