CompTIA (CS0-002) Exam Questions and Answers, page 5
A security team wants to make SaaS solutions accessible from only the corporate campus.
Which of the following would BEST accomplish this goal?
IP restrictions
Reverse proxy
Single sign-on
Threat Management
Security Architecture and Tool Sets
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:
Which of the following lines indicates the computer may be compromised?
Line 1
Line 2
Line 3
Line 4
Line 5
Line 6
Security Operations and Monitoring
SIMULATION
Malware is suspected on a server in the environment.
The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware.
INSTRUCTIONS
Servers 1, 2, and 4 are clickable. Select the server and the process that hosts the malware.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Threat Management
Cyber Incident Response
A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:
Which of the following should the analyst review to find out how the data was exfiltrated?
Monday's logs
Tuesday's logs
Wednesday's logs
Thursday's logs
Cyber Incident Response
Cybersecurity Tool Sets
The Chief Executive Officer (CEO) of a large insurance company has reported that phishing emails containing malicious links are targeting the entire organization. Which of the following actions would work BEST to prevent this type of attack?
Turn on full behavioral analysis to avert an infection.
Implement an EDR mail module that will rewrite and analyze email links.
Reconfigure the EDR solution to perform real-time scanning of all files.
Ensure EDR signatures are updated every day to avert infection.
Modify the EDR solution to use heuristic analysis techniques for malware.
Threat Management
Cyber Incident Response
An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems.
As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?
Copies of prior audits that did not identify the servers as an issue
Project plans relating to the replacement of the servers that were approved by management
Minutes from meetings in which risk assessment activities addressing the servers were discussed
ACLs from perimeter firewalls showing blocked access to the servers
Copies of change orders relating to the vulnerable servers
Cybersecurity Tool Sets
Compliance and Assessment
A financial institution's business unit plans to deploy a new technology in a manner that violates existing information security standards. Which of the following actions should the Chief Information Security Officer (CISO) take to manage any type of violation?
Enforce the existing security standards and controls
Perform a risk analysis and qualify the risk with legal
Perform research and propose a better technology
Enforce the standard permits
Cybersecurity Tool Sets
Compliance and Assessment
A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?
Enabling sandboxing technology
Purchasing cyber insurance
Enabling application blacklisting
Installing a firewall between the workstations and the Internet
Cyber Incident Response
Security Architecture and Tool Sets
During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation. Which of the following would cause the analyst to further review the incident?
BadReputationIp - - [2019-04-12 10:43Z] GET /etc/passwd 403 1023
BadReputationIp - - [2019-04-12 10:43Z] GET /index.html?src=../.ssh/id_rsa 401 17044
BadReputationIp - - [2019-04-12 10:43Z] GET /a.php?src=/etc/passwd 403 11056
BadReputationIp - - [2019-04-12 10:43Z] GET /a.php?src=../../.ssh/id_rsa 200 15036
BadReputationIp - - [2019-04-12 10:43Z] GET /favicon.ico?src=../usr/share/icons 200 19064
Threat Management
Cyber Incident Response
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:
To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and __________.
DST 138.10.2.5.
DST 138.10.25.5.
DST 172.10.3.5.
DST 172.10.45.5.
DST 175.35.20.5.
Threat Management
Cyber Incident Response