CompTIA (CS0-002) Exam Questions And Answers page 29

An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosing the incident to external entities should be based on:
Cyber Incident Response Cybersecurity Tool Sets
A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:


The analyst uses the vendor's website to confirm the oldest supported version is correct.

Which of the following BEST describes the situation?
Threat Management Cybersecurity Tool Sets
The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server:


Given the output, which of the following should the security analyst check NEXT?
Security Operations and Monitoring
A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the MOST appropriate product category for this purpose?
Threat Management Cybersecurity Tool Sets
A network attack that is exploiting a vulnerability in the SNMP is detected.

Which of the following should the cybersecurity analyst do FIRST?
Threat Management Cyber Incident Response
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:


Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?
Security Operations and Monitoring
A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached.

Which of the following is the NEXT step the analyst should take to address the issue?
Threat Management Cyber Incident Response
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:


Which of the following lines indicates the computer may be compromised?
Cyber Incident Response Security Operations and Monitoring
An organization is experiencing issues with emails that are being sent to external recipients. Incoming emails to the organization are working fine. A security analyst receives the following screenshot of an email error from the help desk:


The analyst then checks the email server and sees many of the following messages in the logs:

Error 550 Message rejected

Which of the following is MOST likely the issue?
Security Operations and Monitoring
A security analyst is concerned that a third-party application may have access to user passwords during authentication. Which of the following protocols should the application use to alleviate the analyst's concern?
Threat Management Cyber Incident Response