Comptia (CS0-002) Exam Questions And Answers page 26
A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:
which systems were exploited more frequently.
possible evidence that is missing during forensic analysis.
which analysts require more training.
the time spent by analysts on each of the incidents.
Threat Management
Cyber Incident Response
An organization has several systems that require specific logons. Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets. Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?
Use SSO across all applications
Perform a manual privilege review
Adjust the current monitoring and logging rules
Implement multifactor authentication
Security Operations and Monitoring
A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:
firewall behind the VPN server
VPN server parallel to the firewall
VPN server behind the firewall
VPN on the firewall
Threat Management
Security Architecture and Tool Sets
An information security analyst is compiling data from a recent penetration test and reviews the following output:
The analyst wants to obtain more information about the web-based services that are running on the target.
Which of the following commands would MOST likely provide the needed information?
ping -t 10.79.95.173.rdns.datacenters.com
telnet 10.79.95.173 443
ftpd 10.79.95.173.rdns.datacenters.com 443
tracert 10.79.95.173
Security Architecture and Tool Sets
Security Operations and Monitoring
An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?
Root-cause analysis
Active response
Advanced antivirus
Information-sharing community
Threat hunting
Cyber Incident Response
Security Operations and Monitoring
An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.
Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?
GPS
SoC
FaaS
RTOS
CAN bus
Threat Management
Security Architecture and Tool Sets
Which of the following types of policies is used to regulate data storage on the network?
Password
Acceptable use
Account management
Retention
Cybersecurity Tool Sets
Compliance and Assessment
A security analyst receives an alert to expect increased and highly advanced cyberattacks originating from a foreign country that recently had sanctions implemented. Which of the following describes the type of threat actors that should concern the security analyst?
Insider threat
Nation-state
Hacktivist
Organized crime
Threat Management
A company's incident response team is handling a threat that was identified on the network. Security analysts have determined a web server is making multiple connections from TCP port 445 outbound to servers inside its subnet as well as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan?
Quarantine the web server
Deploy virtual firewalls
Capture a forensic image of the memory and disk
Enable web server containerization
Threat Management
Cyber Incident Response
A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO), asking the employee to perform a wire transfer. Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?
Implementing a sandboxing solution for viewing emails and attachments
Limiting email from the finance department to recipients on a pre-approved whitelist
Configuring email client settings to display all messages in plaintext when read
Adding a banner to incoming messages that identifies the messages as external
Cyber Incident Response
Compliance and Assessment