CompTIA (CS0-002) Exam Questions and Answers page 28
A security analyst gathered forensics from a recent intrusion in preparation for legal proceedings. The analyst used EnCase to gather the digital forensics, cloned the hard drive, and took the hard drive home for further analysis. Which of the following did the security analyst violate?
Chain of custody
Cloning procedures
Virtualization
Cyber Incident Response
Security Operations and Monitoring
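The scenario above turns on whether the cloned drive stayed inside a documented, controlled chain of custody. The following is an added example, not code from the exam page or from EnCase: a minimal custody ledger in which every hand-off names who released and who received the evidence, where it is stored, and the image hash recomputed at that point. The case number, handler names, approved locations and the stand-in image bytes are all constructed for illustration.

```python
"""Chain-of-custody ledger with hash verification (added example)."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class CustodyEvent:
    when: str          # ISO-8601 timestamp of the hand-off
    released_by: str
    received_by: str
    location: str
    sha256: str        # image hash recomputed and signed off at this hand-off


@dataclass
class EvidenceRecord:
    case_id: str
    description: str
    acquisition_sha256: str          # hash taken when the image was first acquired
    events: list = field(default_factory=list)


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_handoff(rec, when, released_by, received_by, location, image_bytes):
    """Append a hand-off; the hash is taken from the image as it exists now."""
    rec.events.append(CustodyEvent(when, released_by, received_by,
                                   location, sha256_of(image_bytes)))


def verify_chain(rec, approved_locations):
    """Return (ok, reason). The chain fails on a hash mismatch, on storage at a
    location outside the approved set, or when a releaser is not the person
    who last received the evidence (an undocumented hand-off)."""
    holder = None
    for i, ev in enumerate(rec.events):
        if ev.sha256 != rec.acquisition_sha256:
            return False, f"hash mismatch at event {i} ({ev.location})"
        if ev.location not in approved_locations:
            return False, f"uncontrolled location at event {i}: {ev.location}"
        if holder is not None and ev.released_by != holder:
            return False, f"custody gap before event {i}: {holder} never released the evidence"
        holder = ev.received_by
    return True, "chain intact"


# Constructed demo data: a stand-in for the cloned drive image.
IMAGE = b"\x00" * 512 + b"constructed-disk-image"
APPROVED = {"evidence locker", "forensic lab"}   # assumed controlled locations


def new_record():
    return EvidenceRecord("CASE-0001", "cloned HDD image", sha256_of(IMAGE))


def intact_chain():
    rec = new_record()
    record_handoff(rec, "2024-03-04T10:00:00Z", "analyst", "custodian", "evidence locker", IMAGE)
    record_handoff(rec, "2024-03-05T08:30:00Z", "custodian", "analyst", "forensic lab", IMAGE)
    return verify_chain(rec, APPROVED)


def drive_taken_home():
    rec = new_record()
    record_handoff(rec, "2024-03-04T10:00:00Z", "analyst", "custodian", "evidence locker", IMAGE)
    record_handoff(rec, "2024-03-05T08:30:00Z", "custodian", "analyst", "forensic lab", IMAGE)
    # The scenario in the question: the analyst carries the drive off site.
    record_handoff(rec, "2024-03-05T19:00:00Z", "analyst", "analyst", "analyst residence", IMAGE)
    return verify_chain(rec, APPROVED)


def image_modified():
    rec = new_record()
    record_handoff(rec, "2024-03-04T10:00:00Z", "analyst", "custodian", "evidence locker", IMAGE)
    # One byte appended to the image between hand-offs breaks the hash.
    record_handoff(rec, "2024-03-05T08:30:00Z", "custodian", "analyst", "forensic lab", IMAGE + b"x")
    return verify_chain(rec, APPROVED)


def undocumented_handoff():
    rec = new_record()
    record_handoff(rec, "2024-03-04T10:00:00Z", "analyst", "custodian", "evidence locker", IMAGE)
    # "lab tech" releases the drive without ever being recorded as receiving it.
    record_handoff(rec, "2024-03-06T09:00:00Z", "lab tech", "analyst", "forensic lab", IMAGE)
    return verify_chain(rec, APPROVED)


if __name__ == "__main__":
    for name, fn in [("intact", intact_chain), ("taken home", drive_taken_home),
                     ("modified", image_modified), ("undocumented", undocumented_handoff)]:
        print(f"{name:12s} -> {fn()}")
```

In practice the hash is recomputed against the working copy and signed by both parties at each transfer; the point the ledger makes visible is that an image which leaves approved storage, or changes between transfers, can no longer be presented as the same evidence that was acquired.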
An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?
Duplicate all services in another instance and load balance between the instances
Establish a hot site with active replication to another region within the same cloud provider
Set up a warm disaster recovery site with the same cloud provider in a different region
Configure the systems with a cold site at another cloud provider that can be used for failover
Security Operations and Monitoring
A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. They have asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the BEST way to achieve this goal?
Focus on incidents that have a high chance of reputation harm.
Focus on common attack vectors first.
Focus on incidents that affect critical systems.
Focus on incidents that may require law enforcement support.
Cyber Incident Response
Security Operations and Monitoring
A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output:
Which of the following is the MOST likely reason for this vulnerability?
The developer set input validation protection on the specific field of search.aspx.
The developer did not set proper cross-site scripting protections in the header.
The developer did not implement default protections in the web application build.
The developer did not set proper cross-site request forgery protections.
Threat Management
Security Architecture and Tool Sets
After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following firewall logs to determine how the breach occurred:
Which of the following IP addresses does the analyst need to investigate further?
192.168.1.1
192.168.1.10
192.168.1.12
192.168.1.193
Security Operations and Monitoring
Following a recent security breach, a company decides to investigate account usage to ensure privileged accounts are only being utilized during typical business hours. During the investigation, a security analyst determines an account was consistently utilized in the middle of the night. Which of the following actions should the analyst take NEXT?
Disable the privileged account.
Initiate the incident response plan.
Report the discrepancy to human resources.
Review the activity with the user.
Security Operations and Monitoring
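The investigation described above (confirming that privileged accounts are used only during business hours) is a simple log review. The following is an added example, not part of the exam page: it parses a few constructed, syslog-style authentication lines, keeps only the accounts in an assumed privileged set, and flags activity on weekends or outside an assumed 08:00 to 18:00 window. Host names, account names, source addresses and the log lines themselves are constructed, and timestamps are assumed to already be in the business's local time zone.

```python
"""Off-hours use of privileged accounts, checked over authentication logs.

Added example; not from the exam page. Log lines, hosts, users and the
privileged-account set below are constructed for illustration.
"""
import re
from collections import Counter
from datetime import datetime, time

# Constructed sample lines (not from any real system).
SAMPLE_LOG = """\
2024-03-04T02:13:07 host1 sshd[1021]: Accepted publickey for svc_backup from 10.0.0.5 port 51022
2024-03-04T02:14:55 host1 sudo: svc_backup : TTY=pts/0 ; COMMAND=/usr/bin/tar -czf /tmp/x.tgz /srv/data
2024-03-04T09:02:11 host2 sshd[2210]: Accepted password for jsmith from 10.0.1.7 port 40101
2024-03-04T23:41:30 host2 sshd[2291]: Accepted password for dbadmin from 203.0.113.9 port 38811
2024-03-05T02:03:18 host1 sshd[1112]: Accepted publickey for svc_backup from 10.0.0.5 port 51030
2024-03-05T14:20:00 host3 sudo: dbadmin : TTY=pts/1 ; COMMAND=/bin/systemctl restart postgresql
"""

# Assumed: the privileged set would normally come from the directory or PAM tool.
PRIVILEGED = {"root", "dbadmin", "svc_backup"}
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)   # assumed local window

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[a-z]+)(?:\[\d+\])?: (?P<msg>.*)$")
# Two message shapes are recognised: sshd logins and sudo command records.
USER_RES = [
    re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"),
    re.compile(r"^(?P<user>\S+) : TTY=.*COMMAND=(?P<cmd>.*)$"),
]


def parse_line(line):
    """Return {ts, host, user, detail} for a recognised line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    for ure in USER_RES:
        um = ure.search(msg)
        if um:
            return {"ts": datetime.fromisoformat(m.group("ts")),
                    "host": m.group("host"),
                    "user": um.group("user"),
                    "detail": msg}
    return None


def is_off_hours(ts, start=BUSINESS_START, end=BUSINESS_END):
    # Weekends count as off-hours; on weekdays check the wall-clock window.
    return ts.weekday() >= 5 or not (start <= ts.time() < end)


def off_hours_privileged(log_text, privileged=PRIVILEGED):
    """Events where a privileged account was active outside business hours."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["user"] in privileged and is_off_hours(ev["ts"]):
            findings.append(ev)
    return findings


def summarize(findings):
    """Per-account count; repeated hits show 'consistent' off-hours use."""
    return Counter(ev["user"] for ev in findings)


if __name__ == "__main__":
    hits = off_hours_privileged(SAMPLE_LOG)
    for ev in hits:
        print(f"{ev['ts']:%Y-%m-%d %H:%M} {ev['host']:6s} {ev['user']:12s} {ev['detail']}")
    print(dict(summarize(hits)))
```

On the sample data the non-privileged user and the daytime sudo record drop out, and the per-account summary shows one account recurring at the same early-morning time across two nights, which is the pattern the question's analyst found. Against real data the business window should be set per time zone and per role (a backup service account may legitimately run at night), and the raw findings are the input to the next step of the investigation, not a conclusion on their own.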
Which of the following sources would a security analyst rely on to provide relevant and timely threat information concerning the financial services industry?
Real-time and automated firewall rules subscriptions
Open-source intelligence, such as social media and blogs
Information sharing and analysis membership
Common vulnerability and exposure bulletins
Threat Management
A security analyst needs to reduce the overall attack surface.
Which of the following infrastructure changes should the analyst recommend?
Implement a honeypot.
Air gap sensitive systems.
Increase the network segmentation.
Implement a cloud-based architecture.
Security Architecture and Tool Sets