CompTIA (CS0-002) Exam Questions And Answers page 34
An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment. One of the primary concerns is exfiltration of data by malicious insiders. Which of the following controls is the MOST appropriate to mitigate risks?
OS fingerprinting
Digital watermarking
Data loss prevention
Threat Management
Cyber Incident Response
An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used. Which of the following commands should the analyst use?
tcpdump -X dst port 21
ftp ftp.server -p 21
nmap -o ftp.server -p 21
telnet ftp.server 21
Security Architecture and Tool Sets
Compliance and Assessment
Which of the following session management techniques will help to prevent a session identifier from being stolen via an XSS attack?
Ensuring the session identifier length is sufficient
Creating proper session identifier entropy
Applying a secure attribute on session cookies
Utilizing transport layer encryption on all requests
Implementing session cookies with the HttpOnly flag
Threat Management
Security Operations and Monitoring
A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?
Implement a UTM instead of a stateful firewall and enable gateway antivirus.
Back up the workstations to facilitate recovery and create a gold image.
Establish a ransomware awareness program and implement secure and verifiable backups.
Virtualize all the endpoints with daily snapshots of the virtual machines.
Cyber Incident Response
Security Architecture and Tool Sets
For machine learning to be applied effectively toward security analysis automation, it requires __________.
relevant training data.
a threat feed API.
a multicore, multiprocessor system.
anomalous traffic signatures.
Security Architecture and Tool Sets
Cybersecurity Tool Sets
A security analyst reviews SIEM logs and discovers the following error event:
Which of the following environments does the analyst need to examine to continue troubleshooting the event?
WAF appliance
Proxy server
SQL server
Windows domain controller
DNS server
Security Operations and Monitoring
A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.
Which of the following should be done to prevent this issue from reoccurring?
Ensure both power supplies on the SAN are serviced by separate circuits, so that if one circuit goes down, the other remains powered.
Install additional batteries in the SAN power supplies with enough capacity to keep the system powered on during maintenance operations.
Ensure power configuration is covered in the datacenter change management policy and have the SAN administrator review this policy.
Install a third power supply in the SAN so loss of any power input does not result in the SAN completely powering off.
Threat Management
Security Operations and Monitoring
A company's security officer needs to implement geographical IP blocks for nation-state actors from a foreign country. On which of the following should the blocks be implemented?
Data loss prevention
Network access control
Access control list
Web content filter
Threat Management