Comptia (CS0-002) Exam Questions And Answers page 31
An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply.
Which of the following would BEST identify potential indicators of compromise?
Use tcpdump to capture packets from the SCADA device IP.
Use Wireshark to capture packets between SCADA devices and the management system.
Use Nmap to capture packets from the management system to the SCADA devices.
Threat Management
Cyber Incident Response
An information security analyst is compiling data from a recent penetration test and reviews the following output:
The analyst wants to obtain more information about the web-based services that are running on the target.
Which of the following commands would MOST likely provide the needed information?
ping -t 10.79.95.173.rdns.datacenters.com
telnet 10.79.95.173 443
ftpd 10.79.95.173.rdns.datacenters.com 443
tracert 10.79.95.173
Security Architecture and Tool Sets
Security Operations and Monitoring
An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
Patching logs
Threat feed
Backup logs
Change requests
Data classification matrix
Cyber Incident Response
Security Operations and Monitoring
When investigating a compromised system, a security analyst finds the following script in the /tmp directory:
Which of the following attacks is this script attempting, and how can it be mitigated?
This is a password-hijacking attack, and it can be mitigated by using strong encryption protocols.
This is a password-spraying attack, and it can be mitigated by using multifactor authentication.
This is a password-dictionary attack, and it can be mitigated by forcing password changes every 30 days.
This is a credential-stuffing attack, and it can be mitigated by using multistep authentication.
Cyber Incident Response
A security analyst is auditing firewall rules with the goal of scanning some known ports to check the firewall's behavior and responses. The analyst executes the following commands:
The analyst then compares the following results for port 22:
• nmap returns Closed
• hping3 returns flags=RA
Which of the following BEST describes the firewall rule?
DNAT --to-destination 1.1.1.1:3000
REJECT --reject-with tcp-reset
LOG --log-tcp-sequence
DROP
Security Operations and Monitoring
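The reasoning behind the port-22 question is that the two tools are reporting the same packet: a SYN probe answered with RST/ACK (hping3 flags=RA) is what nmap calls Closed, whereas a DROP rule produces no reply at all (nmap: filtered) and an iptables REJECT with its default icmp-port-unreachable produces an ICMP error rather than a TCP reset. The script below is an added example, not part of the exam material or of either tool: it parses hping3-style reply lines from one SYN probe run per port and classifies how each port was handled. The output lines, the host 10.0.0.5 and the ports are constructed for the example.

```python
import re

# A hping3 TCP reply line looks like (constructed sample, not a real capture):
#   len=46 ip=10.0.0.5 ttl=64 DF id=0 sport=22 flags=RA seq=0 win=0 rtt=0.4 ms
_TCP_REPLY = re.compile(r"\bsport=(?P<sport>\d+)\s+flags=(?P<flags>[A-Z]*)")
# hping3 reports an ICMP error from the target on a line of this shape.
_ICMP_UNREACH = re.compile(r"^ICMP Port Unreachable from ip=")


def parse_reply(line):
    """Return (source_port, tcp_flags) for a TCP reply line, ('icmp', None)
    for an ICMP port-unreachable line, or None for banner/statistics lines."""
    m = _TCP_REPLY.search(line)
    if m:
        return int(m.group("sport")), m.group("flags")
    if _ICMP_UNREACH.match(line):
        return "icmp", None
    return None


def classify(port, lines):
    """Classify how a SYN probe to `port` was handled, given the output of
    that probe run. Precedence: SYN/ACK > ICMP error > RST > silence."""
    saw_synack = saw_rst = saw_icmp = False
    for line in lines:
        parsed = parse_reply(line)
        if parsed is None:
            continue
        sport, flags = parsed
        if sport == "icmp":
            saw_icmp = True
        elif sport == port:
            if "S" in flags and "A" in flags:
                saw_synack = True
            elif "R" in flags:
                saw_rst = True
    if saw_synack:
        return "accept"
    if saw_icmp:
        return "reject-icmp"
    if saw_rst:
        return "reject-reset"
    return "drop"


# What each classification means for the firewall rule under audit.
VERDICTS = {
    "accept": "SYN/ACK came back: packets are ACCEPTed and a service answered (nmap: open)",
    "reject-reset": "RST/ACK came back: REJECT --reject-with tcp-reset, or the port is "
                    "genuinely closed; TCP alone cannot tell the two apart (nmap: closed)",
    "reject-icmp": "ICMP port unreachable: REJECT with the iptables default "
                   "icmp-port-unreachable (nmap: filtered)",
    "drop": "no reply at all: DROP, or the probe never reached the host (nmap: filtered)",
}


def audit(runs):
    """runs maps a probed port to the output lines of its hping3 -S run."""
    return {port: classify(port, lines) for port, lines in runs.items()}


# Constructed sample: one hping3 -S run per port against a hypothetical host.
SAMPLE_RUNS = {
    22: ["HPING 10.0.0.5 (eth0 10.0.0.5): S set, 40 headers + 0 data bytes",
         "len=46 ip=10.0.0.5 ttl=64 DF id=0 sport=22 flags=RA seq=0 win=0 rtt=0.4 ms"],
    80: ["HPING 10.0.0.5 (eth0 10.0.0.5): S set, 40 headers + 0 data bytes",
         "len=46 ip=10.0.0.5 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=0.5 ms"],
    445: ["HPING 10.0.0.5 (eth0 10.0.0.5): S set, 40 headers + 0 data bytes",
          "ICMP Port Unreachable from ip=10.0.0.5 name=UNKNOWN"],
    3389: ["HPING 10.0.0.5 (eth0 10.0.0.5): S set, 40 headers + 0 data bytes",
           "--- 10.0.0.5 hping statistic ---",
           "1 packets transmitted, 0 packets received, 100% packet loss"],
}

if __name__ == "__main__":
    for port, tag in audit(SAMPLE_RUNS).items():
        print(f"port {port}: {tag}: {VERDICTS[tag]}")
```

The caveat the classifier encodes is the one a practitioner should keep in mind when reading the exam answer: an RST/ACK proves only that something sent a reset. Confirming that it came from a REJECT rule rather than from the host's own TCP stack needs a second data point, such as comparing TTL or timing against a port known to be closed, or reading the ruleset itself.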
Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?
Encryption
Data loss prevention
Data masking
Digital rights management
Access control
Security Architecture and Tool Sets
Cybersecurity Tool Sets
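The point of the data-masking answer is that the test environment never receives real PII at all: values are substituted before the copy leaves production, unlike encryption or access control, which protect real values that are still present. The script below is an added example, not part of the exam material: it masks a record deterministically with an HMAC so that formats are preserved (an SSN still looks like an SSN, so application validation passes) and the same real value always maps to the same fake value (so joins across tables still work), while nothing about the original is recoverable without the key. The field names, the key and the sample records are constructed for the example.

```python
import hashlib
import hmac
import re

# Hypothetical masking key; in practice kept in production only, never
# shipped to the test environment alongside the masked data.
MASK_KEY = b"replace-with-a-key-from-a-secrets-manager"


def _digest(key, value):
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()


def mask_digits(key, value):
    """Replace every digit with one derived from HMAC(key, value), keeping
    separators and length, e.g. 123-45-6789 -> 804-21-5593 (key dependent)."""
    d = _digest(key, value)
    out, i = [], 0
    for ch in value:
        if ch.isdigit():
            out.append(str(d[i % len(d)] % 10))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_email(key, value):
    """Pseudonymous local part on a domain reserved for examples (RFC 2606),
    so test mail can never reach a real person."""
    local, _, _domain = value.partition("@")
    return f"user-{_digest(key, local).hex()[:12]}@example.com"


_FAKE_NAMES = ["Ada Lovelace", "Grace Hopper", "Alan Turing", "Claude Shannon"]


def mask_name(key, value):
    """Pick a fixed fake name by HMAC so the same person maps to one name."""
    return _FAKE_NAMES[_digest(key, value)[0] % len(_FAKE_NAMES)]


# Which columns hold PII and how each is masked (hypothetical schema).
PII_FIELDS = {"ssn": mask_digits, "phone": mask_digits,
              "email": mask_email, "name": mask_name}


def mask_record(key, record):
    """Return a copy of `record` with every PII field replaced; other
    columns pass through unchanged."""
    return {k: (PII_FIELDS[k](key, v) if k in PII_FIELDS else v)
            for k, v in record.items()}


def check_masked_dataset(key, originals):
    """Production-side check before export: no masked record may still carry
    any original PII value, and masking must be stable for joins."""
    real_values = {v for r in originals for k, v in r.items() if k in PII_FIELDS}
    masked = [mask_record(key, r) for r in originals]
    leaked = {v for r in masked for k, v in r.items() if k in PII_FIELDS} & real_values
    stable = all(mask_record(key, r) == m for r, m in zip(originals, masked))
    return masked, not leaked and stable


# Constructed sample records, not real people.
SAMPLE = [
    {"id": 1, "name": "Jane Doe", "ssn": "123-45-6789",
     "phone": "+1 555-0100", "email": "jane.doe@corp.example", "plan": "gold"},
    {"id": 2, "name": "John Roe", "ssn": "987-65-4321",
     "phone": "+1 555-0199", "email": "john.roe@corp.example", "plan": "basic"},
]

if __name__ == "__main__":
    masked, ok = check_masked_dataset(MASK_KEY, SAMPLE)
    for row in masked:
        print(row)
    print("safe to export:", ok)
```

The design choice worth noting is the keyed HMAC rather than a plain hash: with a plain SHA-256, anyone holding the test data could rebuild the mapping for every possible SSN in minutes, which would turn the masked copy back into real PII.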
A security analyst is probing a company's public-facing servers for vulnerabilities and obtains the following output:
Which of the following changes should the analyst recommend FIRST?
Implement File Transfer Protocol Secure on the upload server
Disable anonymous login on the web server
Configure firewall changes to close port 445 on 124.45.23.112
Apply a firewall rule to filter the number of requests per second on port 80 on 124.45.23.108
Security Architecture and Tool Sets
Security Operations and Monitoring
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:
Tool B reported the following:
Which of the following BEST describes the method used by each tool? (Choose two.)
Tool A is agent based.
Tool A used fuzzing logic to test vulnerabilities.
Tool A is unauthenticated.
Tool B utilized machine learning technology.
Tool B is agent based.
Tool B is unauthenticated.
Security Operations and Monitoring
A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?
Change the security model to force the users to access the database as themselves
Parameterize queries to prevent unauthorized SQL queries against the database
Configure database security logging using syslog or a SIEM
Enforce unique session IDs so users do not get a reused session ID
Compliance and Assessment
A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operations?
It enables the team to prioritize the focus areas and tactics within the company's environment
It provides criticality analyses for key enterprise servers and services
It allows analysts to receive routine updates on newly discovered software vulnerabilities
It supports rapid response and recovery during and following an incident
Threat Management