Comptia (CS0-002) Exam Questions And Answers page 32

While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user. Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? (Choose two.)
Cyber Incident Response Security Operations and Monitoring
A company's senior human resources administrator left for another position, and the assistant administrator was promoted into the senior position. On the official start day, the new senior administrator planned to ask for extended access permissions but noticed the permissions were automatically granted on that day. Which of the following describes the access management policy in place at the company?
Security Operations and Monitoring
An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:


Which of the following should be the focus of the investigation?
Threat Management Cyber Incident Response
An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?
Security Architecture and Tool Sets
A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities.

Which of the following would be BEST to implement to alleviate the CISO's concern?
Threat Management Cybersecurity Tool Sets
A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch.

Which of the following is the MOST appropriate threat classification for these incidents?
Threat Management Cybersecurity Tool Sets
During an incident investigation, a security analyst acquired a malicious file that was used as a backdoor but was not detected by the antivirus application. After performing a reverse-engineering procedure, the analyst found that part of the code was obfuscated to avoid signature detection. Which of the following types of instructions should the analyst use to understand how the malware was obfuscated and to help deobfuscate it?
Cyber Incident Response Security Architecture and Tool Sets
Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?
Cybersecurity Tool Sets Security Operations and Monitoring
Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?
Cyber Incident Response
A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment. Conditionally, other processes will need to be created based on input from prior processes. Which of the following is the BEST method for accomplishing this task?
Security Operations and Monitoring