CompTIA (CS0-002) Exam Questions And Answers page 32
While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user. Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? (Choose two.)
Reset the passwords for all accounts on the affected system.
Add a rule on the perimeter firewall to block the source IP address.
Configure /etc/sshd_config to deny root logins and restart the SSHD service.
Configure /etc/passwd to deny root logins and restart the SSHD service.
Add a rule on the network IPS to block SSH user sessions.
Cyber Incident Response
Security Operations and Monitoring
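The pattern the analyst saw (a burst of failures, then one success, then a login that violates policy) is easy to express as detection logic. The script below is an added example, not part of the exam question or its answer key. The log lines are constructed in OpenSSH syslog style with made-up hostnames and TEST-NET addresses, the internal range 10.0.0.0/8 is an assumption, and the containment commands show the two actions the question asks for in host-side form (a perimeter firewall has its own syntax; on current OpenSSH installs the config file is /etc/ssh/sshd_config rather than the /etc/sshd_config the option text gives):

```python
"""Flag an SSH brute-force burst that ends in a successful root login.

Added example, not part of the exam question. The log lines are constructed
in OpenSSH/syslog style; hostnames and addresses are made up. The policy
from the question (admins connect only from the internal network, with
their own corporate logins) is encoded as the checks in analyze().
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Assumed corporate range; replace with the real internal networks.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample (not from a real system): a burst of failures from an
# external address, then a root login from the same address, then normal
# admin activity from inside the network.
SAMPLE_LOG = """\
Mar  4 02:14:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  4 02:14:02 web01 sshd[2212]: Failed password for root from 203.0.113.45 port 51023 ssh2
Mar  4 02:14:02 web01 sshd[2213]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar  4 02:14:03 web01 sshd[2214]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar  4 02:14:03 web01 sshd[2215]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar  4 02:14:04 web01 sshd[2216]: Failed password for root from 203.0.113.45 port 51027 ssh2
Mar  4 02:14:05 web01 sshd[2217]: Accepted password for root from 203.0.113.45 port 51028 ssh2
Mar  4 02:20:11 web01 sshd[2300]: Accepted publickey for jsmith from 10.10.5.17 port 40112 ssh2
Mar  4 02:21:40 web01 sshd[2301]: Failed password for jsmith from 10.10.5.17 port 40113 ssh2
Mar  4 02:21:45 web01 sshd[2302]: Accepted password for jsmith from 10.10.5.17 port 40114 ssh2
"""


def parse(log_text, year=2024):
    """Return (timestamp, result, user, source_ip) for each sshd auth line.
    Syslog omits the year, so one is supplied by the caller."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = " ".join(m["ts"].split())  # collapse syslog's space-padded day
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        events.append((when, m["result"], m["user"], ipaddress.ip_address(m["src"])))
    return events


def analyze(events, internal_nets=INTERNAL_NETS, threshold=5, window=timedelta(seconds=60)):
    """Check every successful login against the failures that preceded it
    from the same source and against the access policy. Returns findings."""
    failures = defaultdict(list)  # source address -> timestamps of failed logins
    findings = []
    for when, result, user, src in sorted(events, key=lambda e: e[0]):
        if result == "Failed":
            failures[src].append(when)
            continue
        recent = [t for t in failures[src] if when - t <= window]
        reasons = []
        if len(recent) >= threshold:
            reasons.append(f"{len(recent)} failed logins from {src} in the prior {int(window.total_seconds())}s")
        if user == "root":
            reasons.append("direct root login; policy requires named corporate accounts")
        if not any(src in net for net in internal_nets):
            reasons.append(f"{src} is outside the internal network")
        if reasons:
            findings.append({"time": when, "user": user, "src": str(src), "reasons": reasons})
    return findings


def containment(finding):
    """The two actions from the question as host-side commands: block the
    source and stop sshd from accepting root logins. iptables stands in for
    the perimeter firewall here; the sshd config path is the OpenSSH default."""
    return [
        f"iptables -I INPUT -s {finding['src']} -p tcp --dport 22 -j DROP",
        "sed -i 's/^#\\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config",
        "systemctl restart sshd",
    ]


if __name__ == "__main__":
    for f in analyze(parse(SAMPLE_LOG)):
        print(f["time"], f["user"], f["src"])
        for r in f["reasons"]:
            print("  -", r)
        for cmd in containment(f):
            print("  $", cmd)
```

Only the root login at 02:14:05 is flagged: it follows six failures inside the window, it is a direct root login, and it comes from outside 10.0.0.0/8. The jsmith logins pass all three checks, including the one that follows a single typo'd password, which is why the burst threshold matters more than any single failure.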
A company's senior human resources administrator left for another position, and the assistant administrator was promoted into the senior position. On the official start day, the new senior administrator planned to ask for extended access permissions but noticed the permissions were automatically granted on that day. Which of the following describes the access management policy in place at the company?
Role-based
Mandatory-based
Host-based
Federated access
Security Operations and Monitoring
An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:
Which of the following should be the focus of the investigation?
webserver.org-dmz.org
sftp.org-dmz.org
83hht23.org-int.org
ftps.bluemed.net
Threat Management
Cyber Incident Response
An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system s processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?
Software-based drive encryption
Trusted execution environment
Unified Extensible Firmware Interface
Hardware security module
Security Architecture and Tool Sets
A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities.
Which of the following would be BEST to implement to alleviate the CISO's concern?
DLP
Encryption
Test data
NDA
Threat Management
Cybersecurity Tool Sets
A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch.
Which of the following is the MOST appropriate threat classification for these incidents?
Known threat
Zero day
Unknown threat
Advanced persistent threat
Threat Management
Cybersecurity Tool Sets
During an incident investigation, a security analyst acquired a malicious file that was used as a backdoor but was not detected by the antivirus application. After performing a reverse-engineering procedure, the analyst found that part of the code was obfuscated to avoid signature detection. Which of the following types of instructions should the analyst use to understand how the malware was obfuscated and to help deobfuscate it?
SUB
MOVL
MOV
ADD
XOR
Cyber Incident Response
Security Architecture and Tool Sets
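XOR is the instruction to look for because it is its own inverse: the same loop that obfuscated the payload decodes it when run again with the same key, so a disassembled `xor byte ptr [rsi], al` style loop tells the analyst both the algorithm and where the key lives. The script below is an added example, not from the exam or from any real sample. It reimplements such a loop and recovers a repeating key from a constructed, null-padded "config block"; the block layout, field widths and key are all made up. The recovery relies on a real property of XOR obfuscation: padding bytes of 0x00 come out as the key itself.

```python
"""Recover a repeating XOR key from an obfuscated blob and decode it.

Added example, not from the exam or any real sample. The 'config block'
below is constructed: fixed-width, null-padded fields, which is the kind
of layout that leaks a XOR key because 0x00 XOR k == k.
"""
from collections import Counter
from itertools import cycle

PRINTABLE = set(range(0x20, 0x7F))


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same call obfuscates and deobfuscates, which is
    exactly what a malware loop such as `xor byte ptr [rsi], al` does."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def _score(plain: bytes) -> float:
    """Fraction of bytes that look like config text: NUL padding or printable ASCII."""
    good = sum(1 for b in plain if b == 0 or b in PRINTABLE)
    return good / len(plain)


def recover_key(blob: bytes, key_len: int) -> bytes:
    """For each key position, take the most frequent ciphertext byte at that
    stride as the key byte. Assumes one plaintext value (here NUL padding)
    dominates every stride."""
    return bytes(Counter(blob[i::key_len]).most_common(1)[0][0] for i in range(key_len))


def deobfuscate(blob: bytes, max_key_len: int = 8):
    """Try key lengths 1..max_key_len and keep the shortest key whose output
    scores best. Returns (key, plaintext, score)."""
    best = (b"", b"", -1.0)
    for n in range(1, max_key_len + 1):
        key = recover_key(blob, n)
        plain = xor_bytes(blob, key)
        score = _score(plain)
        if score > best[2]:  # strict: a longer multiple of the true key never wins
            best = (key, plain, score)
    return best


def fields(plain: bytes, width: int = 32):
    """Split a decoded block into its null-terminated fixed-width fields."""
    return [plain[i:i + width].split(b"\0", 1)[0].decode("ascii", "replace")
            for i in range(0, len(plain), width)]


# Constructed sample: two 32-byte null-padded fields under a 4-byte key.
# The key bytes share their top bits so that mixing them up yields control
# characters, which is what lets the scorer reject wrong key lengths.
SAMPLE_KEY = bytes([0xA1, 0xA7, 0xB3, 0xB8])
SAMPLE_PLAIN = b"203.0.113.7:4444".ljust(32, b"\0") + b"/gate.php".ljust(32, b"\0")
SAMPLE_BLOB = xor_bytes(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    key, plain, score = deobfuscate(SAMPLE_BLOB)
    print("recovered key:", key.hex(), "score:", round(score, 3))
    print("fields:", fields(plain))
```

The scoring is deliberately simple: with a null-padded layout the true key length is the shortest one that decodes every byte to NUL or printable ASCII. Real samples may need a crib instead (for example, expecting "MZ" at offset 0 gives the first two key bytes directly), but the XOR step itself is the same.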
Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?
It automatically performs remedial configuration changes to enterprise security services
It enables standard checklist and vulnerability analysis expressions for automation
It establishes a continuous integration environment for software development operations
It provides validation of suspected system vulnerabilities through workflow orchestration
Cybersecurity Tool Sets
Security Operations and Monitoring
Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?
Human resources
Public relations
Marketing
Internal network operations center
Cyber Incident Response
A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment. Conditionally, other processes will need to be created based on input from prior processes. Which of the following is the BEST method for accomplishing this task?
Machine learning and process monitoring
Continuous integration and configuration management
API integration and data enrichment
Workflow orchestration and scripting
Security Operations and Monitoring
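What "workflow orchestration and scripting" looks like in practice: a scripted check produces findings, and follow-on steps are created only when that output calls for them. The script below is an added example, not part of the exam question. The file tree, its contents and modes are constructed in memory so it runs offline, and the handlers return strings where a real deployment would call a scanner, a ticketing API or a configuration management tool.

```python
"""Change detection with conditionally created follow-on steps.

Added example, not from the exam. Paths, contents and modes below are
constructed; the handlers are stand-ins for real scanner/ticket/CM calls.
"""
import hashlib


def fingerprint(files):
    """Map path -> (sha256, mode) for an in-memory tree {path: (content, mode)}."""
    return {p: (hashlib.sha256(c).hexdigest(), mode) for p, (c, mode) in files.items()}


def detect_changes(baseline, current):
    """Compare two fingerprints; return (kind, path, detail) tuples in path order."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            changes.append(("added", path, current[path][1]))
        elif path not in current:
            changes.append(("removed", path, None))
        else:
            old, new = baseline[path], current[path]
            if old[0] != new[0]:
                changes.append(("modified", path, None))
            if old[1] != new[1]:
                changes.append(("mode", path, (old[1], new[1])))
    return changes


# Follow-on handlers: each receives the change and returns what it did.
def queue_scan(change):
    return f"scan queued for {change[1]}"


def open_ticket(change):
    return f"ticket opened: {change[0]} {change[1]}"


def restore_mode(change):
    old, new = change[2]
    return f"mode {new:o} -> {old:o} on {change[1]}"


def build_workflow(changes):
    """Create steps only where the detector's output warrants them:
    new executables (or anything under /tmp) get scanned, a newly set
    setuid bit gets reverted and ticketed, /etc changes get ticketed."""
    steps = []
    for ch in changes:
        kind, path, detail = ch
        if kind == "added" and (path.startswith("/tmp/") or detail & 0o111):
            steps.append(("queue_scan", queue_scan, ch))
        elif kind == "mode" and (detail[1] & 0o4000) and not (detail[0] & 0o4000):
            steps.append(("restore_mode", restore_mode, ch))
            steps.append(("open_ticket", open_ticket, ch))
        elif kind in ("modified", "removed") and path.startswith("/etc/"):
            steps.append(("open_ticket", open_ticket, ch))
    return steps


def run_workflow(steps):
    """Execute the steps in order and collect (step name, result)."""
    return [(name, handler(ch)) for name, handler, ch in steps]


# Constructed baseline and current state (not from a real host).
BASELINE_TREE = {
    "/etc/ssh/sshd_config": (b"PermitRootLogin no\n", 0o644),
    "/usr/bin/passwd": (b"\x7fELF...", 0o4755),
    "/usr/local/bin/backup.sh": (b"#!/bin/sh\nrsync -a /srv /backup\n", 0o755),
}
CURRENT_TREE = {
    "/etc/ssh/sshd_config": (b"PermitRootLogin yes\n", 0o644),          # content changed
    "/usr/bin/passwd": (b"\x7fELF...", 0o4755),                         # unchanged
    "/usr/local/bin/backup.sh": (b"#!/bin/sh\nrsync -a /srv /backup\n", 0o4755),  # setuid added
    "/tmp/.x": (b"\x7fELF...", 0o755),                                  # new executable
}

if __name__ == "__main__":
    changes = detect_changes(fingerprint(BASELINE_TREE), fingerprint(CURRENT_TREE))
    for name, result in run_workflow(build_workflow(changes)):
        print(f"{name:13} {result}")
```

The unchanged setuid binary produces no step at all, while the script that gained a setuid bit produces two; that dependence of later steps on earlier output is the part that plain scheduled scripts do not give you and an orchestration layer does.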