CompTIA (CS0-002) Exam Questions And Answers page 31

An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply.

Which of the following would BEST identify potential indicators of compromise?
Threat Management Cyber Incident Response
An information security analyst is compiling data from a recent penetration test and reviews the following output:


The analyst wants to obtain more information about the web-based services that are running on the target.

Which of the following commands would MOST likely provide the needed information?
Security Architecture and Tool Sets Security Operations and Monitoring
An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?
Cyber Incident Response Security Operations and Monitoring
When investigating a compromised system, a security analyst finds the following script in the /tmp directory:


Which of the following attacks is this script attempting, and how can it be mitigated?
Cyber Incident Response
A security analyst is auditing firewall rules with the goal of scanning some known ports to check the firewall's behavior and responses. The analyst executes the following commands:


The analyst then compares the following results for port 22:

• nmap returns Closed
• hping3 returns flags=RA

Which of the following BEST describes the firewall rule?
Security Operations and Monitoring
Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?
Security Architecture and Tool Sets Cybersecurity Tool Sets
A security analyst is probing a company's public-facing servers for vulnerabilities and obtains the following output:


Which of the following changes should the analyst recommend FIRST?
Security Architecture and Tool Sets Security Operations and Monitoring
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.

Tool A reported the following:


Tool B reported the following:


Which of the following BEST describes the method used by each tool? (Choose two.)
Security Operations and Monitoring
A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?
Compliance and Assessment
A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operations?
Threat Management