Comptia (CS0-002) Exam Questions And Answers page 30
What Are Two Key Components of the Intelligence Cycle?
Which of the following are components of the intelligence cycle? (Choose two.)
Normalization
Response
Analysis
Correction
Dissemination
Threat Management
Cybersecurity Tool Sets
As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information.
Which of the following BEST describes this test?
Walk through
Full interruption
Simulation
Parallel
Security Operations and Monitoring
A security analyst is reviewing the following DNS logs as part of security-monitoring activities:
Which of the following MOST likely occurred?
The attack used an algorithm to generate command and control information dynamically
The attack attempted to contact www.google.com to verify Internet connectivity
The attack used encryption to obfuscate the payload and bypass detection by an IDS
The attack caused an internal host to connect to a command and control server
Security Operations and Monitoring
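The DNS question above turns on recognizing domain generation algorithm (DGA) output: long, high-entropy, vowel-poor names, often with digits mixed in, that mostly resolve to NXDOMAIN because only a few of the day's candidates are registered by the operator. The following is an added example, not part of the exam page, that scores constructed resolver log lines with those heuristics and flags a client that queries several such names. The log format (time, client IP, query name, response code) and the thresholds are assumptions for illustration.

```python
"""Added example: heuristic DGA detection over constructed DNS log lines.

Assumed log shape (not a real resolver format): "<time> <client> <qname> <rcode>".
"""
import math
import re
from collections import Counter

# Constructed sample log, mixing benign lookups with DGA-looking NXDOMAIN queries.
SAMPLE_DNS_LOG = """\
10:01:02 10.1.1.50 www.google.com NOERROR
10:01:03 10.1.1.50 xk3qzp9w1vbtf2h.com NXDOMAIN
10:01:03 10.1.1.50 q8n2vzy7lkd4pwm.net NXDOMAIN
10:01:04 10.1.1.50 cdn.jsdelivr.net NOERROR
10:01:04 10.1.1.50 mz9r7t3kx2pqv8w.org NXDOMAIN
10:01:05 10.1.1.50 v5wq2n8zk7xtp1m.com NXDOMAIN
10:01:06 10.1.1.50 mail.example.com NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the label."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Second-level label only (assumption: no public-suffix list handling)."""
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label: str) -> int:
    """Count how many DGA traits the label shows: high entropy, few vowels, digits."""
    label = label.lower()
    vowel_ratio = sum(ch in "aeiou" for ch in label) / max(len(label), 1)
    digits = sum(ch.isdigit() for ch in label)
    score = 0
    if shannon_entropy(label) > 3.5:
        score += 1
    if vowel_ratio < 0.25:
        score += 1
    if digits >= 2:
        score += 1
    return score


def analyze(log_text: str, client_threshold: int = 3):
    """Return (suspect_clients, flagged_qnames).

    A query is flagged when it scores >= 2 traits AND failed to resolve; a client
    becomes a suspect after client_threshold flagged queries (assumed threshold).
    """
    flagged = []
    per_client = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, rcode = m.groups()
        if rcode == "NXDOMAIN" and dga_score(registrable_label(qname)) >= 2:
            flagged.append(qname)
            per_client[client] += 1
    suspects = [c for c, n in per_client.items() if n >= client_threshold]
    return suspects, flagged


if __name__ == "__main__":
    suspects, flagged = analyze(SAMPLE_DNS_LOG)
    print("suspect clients:", suspects)
    print("flagged queries:", flagged)
```

The NXDOMAIN condition is what separates a DGA burst from a legitimate CDN or tracking hostname that merely looks random; in practice you would also whitelist known high-entropy SaaS domains and tune the entropy cutoff against your own baseline.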
Which of the following technologies can be used to store digital certificates and is typically used in high-security implementations where integrity is paramount?
HSM
eFuse
UEFI
Self-encrypting drive
Threat Management
Cybersecurity Tool Sets
Which of the following threat classifications would MOST likely use polymorphic code?
Known threat
Zero-day threat
Unknown threat
Advanced persistent threat
Threat Management
An organization is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:
Which of the following is the order of priority for risk mitigation from highest to lowest?
A, B, C, D
A, D, B, C
B, C, A, D
C, B, D, A
D, A, C, B
Threat Management
Cyber Incident Response
A security analyst is reviewing the network security monitoring logs listed below:
Which of the following is the analyst MOST likely observing? (Choose two.)
10.1.1.128 sent potential malicious traffic to the web server.
10.1.1.128 sent malicious requests, and the alert is a false positive.
10.1.1.129 successfully exploited a vulnerability on the web server.
10.1.1.129 sent potential malicious requests to the web server.
10.1.1.129 sent non-malicious requests, and the alert is a false positive.
10.1.1.130 can potentially obtain information about the PHP version.
Cyber Incident Response
Security Operations and Monitoring
What is the best explanation for hardware root of trust?
Which of the following BEST explains hardware root of trust?
It uses the processor security extensions to protect the OS from malicious software installation.
It prevents side-channel attacks that can take advantage of speculative execution vulnerabilities.
It ensures the authenticity of firmware and software during the boot process until the OS is loaded.
It has been implemented as a mitigation to the Spectre and Meltdown hardware vulnerabilities.
Security Architecture and Tool Sets
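The root-of-trust question describes a measured boot: each stage hashes the next one into a tamper-evident register before passing control, so a verifier can later confirm that the firmware, bootloader and kernel that actually ran match known-good values. The code below is an added example, not part of the exam page, that models the TPM-style extend operation (new PCR = H(old PCR || H(component))) and an attestation check against golden measurements. The stage blobs are constructed byte strings standing in for real images.

```python
"""Added example: simulate a measured-boot chain anchored in a hardware root of trust.

Stage contents are constructed placeholders, not real firmware or kernel images.
"""
import hashlib

PCR_RESET = b"\x00" * 32  # SHA-256 PCR value at power-on


def measure(blob: bytes) -> bytes:
    """Measurement of a boot component: its SHA-256 digest."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend semantics: the register can only be folded forward, never set."""
    return hashlib.sha256(pcr + measurement).digest()


def boot(stages):
    """Each stage measures the next into the PCR before handing over control.

    Returns the final PCR value and the event log of (name, measurement) pairs.
    """
    pcr = PCR_RESET
    log = []
    for name, blob in stages:
        m = measure(blob)
        pcr = extend(pcr, m)
        log.append((name, m))
    return pcr, log


def replay_log(log) -> bytes:
    """Recompute the PCR a verifier expects from the reported event log."""
    pcr = PCR_RESET
    for _name, m in log:
        pcr = extend(pcr, m)
    return pcr


def verify(final_pcr: bytes, log, golden: dict):
    """Attestation check: the log must replay to the PCR and match golden values."""
    if replay_log(log) != final_pcr:
        return False, "event log does not replay to reported PCR"
    for name, m in log:
        if golden.get(name) != m:
            return False, f"{name} measurement mismatch"
    return True, "boot chain matches known-good measurements"


# Constructed known-good boot chain and the golden measurements derived from it.
GOOD_STAGES = [
    ("firmware", b"UEFI-fw-v1"),
    ("bootloader", b"shim+grub"),
    ("kernel", b"vmlinuz-6.1"),
]
GOLDEN = {name: measure(blob) for name, blob in GOOD_STAGES}


def demo(tampered_kernel: bool = False):
    """Boot the chain, optionally with a modified kernel, and verify it."""
    stages = list(GOOD_STAGES)
    if tampered_kernel:
        stages[2] = ("kernel", b"vmlinuz-6.1+bootkit")
    pcr, log = boot(stages)
    return verify(pcr, log, GOLDEN)


if __name__ == "__main__":
    print(demo())
    print(demo(tampered_kernel=True))
```

The second check in verify is why the PCR matters: an attacker who controls the event log can forge matching golden entries, but the PCR lives in hardware and only ever moves forward, so a forged log no longer replays to it.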
A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?
Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.
Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
Make sure the scan is credentialed, has the latest software and signature versions, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
Make sure the scan is credentialed, uses a limited plugin set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.
Security Operations and Monitoring
An analyst is searching a log for potential credit card leaks. The log stores all data encoded in hexadecimal. Which of the following commands will allow the security analyst to confirm the incident?
cat log | xxd -r -p | egrep -v '[0-9]{16}'
egrep '(3[0-9]){16}' log
cat log | xxd -r -p | egrep '[0-9]{16}'
egrep '[0-9]{16}' log | xxd
Security Operations and Monitoring
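The hex-log question hinges on decoding first (xxd -r -p reverses a plain hex dump) and only then searching for 16 consecutive digits. The following is an added example, not part of the exam page, that performs the same decode-then-search in Python and adds the check a practitioner wants before declaring an incident: a Luhn test, which separates real primary account numbers from session IDs and other 16-digit noise. The log content is constructed test data using publicly documented card-brand test numbers.

```python
"""Added example: decode a hex-encoded log and confirm card-number leakage.

Python equivalent of: cat log | xxd -r -p | egrep '[0-9]{16}', plus a Luhn check.
The sample log is constructed; the PANs are well-known test numbers, not real cards.
"""
import binascii
import re

# 16 digits not embedded in a longer digit run (same intent as egrep '[0-9]{16}').
PAN_RE = re.compile(r"(?<!\d)\d{16}(?!\d)")

# Constructed plaintext; the "log" stores its hex encoding, as in the question.
PLAINTEXT = (
    "order=1234 card=4111111111111111 status=ok\n"
    "session=1234567890123456 user=bob\n"
    "card=5555555555554444 status=declined\n"
)
SAMPLE_HEX_LOG = binascii.hexlify(PLAINTEXT.encode()).decode()


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def decode_hex_log(hex_text: str) -> str:
    """Reverse a plain hex dump; like xxd -r -p, ignore any whitespace between pairs."""
    cleaned = re.sub(r"\s+", "", hex_text)
    return binascii.unhexlify(cleaned).decode("utf-8", errors="replace")


def find_pans(plain: str):
    """Return (candidate, luhn_valid) for every 16-digit run in the decoded log."""
    hits = []
    for line in plain.splitlines():
        for m in PAN_RE.finditer(line):
            hits.append((m.group(), luhn_ok(m.group())))
    return hits


def confirmed_pans(hex_log: str):
    """Candidates that pass Luhn: the ones worth raising an incident over."""
    return [pan for pan, ok in find_pans(decode_hex_log(hex_log)) if ok]


if __name__ == "__main__":
    for pan, ok in find_pans(decode_hex_log(SAMPLE_HEX_LOG)):
        print(pan, "luhn-valid" if ok else "luhn-invalid")
    print("confirmed:", confirmed_pans(SAMPLE_HEX_LOG))
```

Running a regex on the hex text itself (as two of the answer choices do) cannot work because each ASCII digit becomes two hex characters, so the 16-digit pattern never appears until the log is decoded.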