CompTIA (CS0-002) Exam Questions and Answers, page 6
Which of the following should a database administrator implement to BEST protect data from an untrusted server administrator?
Data encryption
Data masking
Data minimization
Threat Management
Cyber Incident Response
Which of the following BEST describes the primary role of a risk assessment as it relates to compliance with risk-based frameworks?
It demonstrated the organization's mitigation of risks associated with internal threats.
It serves as the basis for control selection.
It prescribes technical control requirements.
It is an input to the business impact assessment.
Compliance and Assessment
A company uses self-signed certificates when sending emails to recipients within the company. Users are calling the help desk because they are getting warnings when attempting to open emails sent by internal users. A security analyst checks the certificates and sees the following:
Issued to: [email protected]
Issued by: certServer.company.com
Valid from: 1/1/2020 to 1/1/2030
Which of the following should the security analyst conclude?
[email protected] is a malicious insider.
The valid dates are too far apart and are generating the alerts.
certServer has been compromised.
The root certificate was not installed in the trusted store.
Threat Management
Cybersecurity Tool Sets
An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.
Which of the following should the analyst do NEXT?
Decompile each binary to derive the source code.
Perform a factory reset on the affected mobile device.
Compute SHA-256 hashes for each binary.
Encrypt the binaries using an authenticated AES-256 mode of operation.
Inspect the permissions manifests within each application.
Cyber Incident Response
Cybersecurity Tool Sets
The management team assigned the following values to an inadvertent breach of privacy regulations during the original risk assessment:
• Probability = 25%
• Magnitude = $1,015 per record
• Total records = 10,000
Two breaches occurred during the fiscal year. The first compromised 35 records, and the second compromised 65 records. Which of the following is the value of the records that were compromised?
$10,150
$25,375
$101,500
$2,537,500
Compliance and Assessment
In web application scanning, static analysis refers to scanning:
the system for vulnerabilities before installing the application.
the compiled code of the application to detect possible issues.
an application that is installed and active on a system.
an application that is installed on a system that is assigned a static IP.
Security Architecture and Tool Sets
Cybersecurity Tool Sets
To prioritize the morning's work, an analyst is reviewing security alerts that have not yet been investigated. Which of the following assets should be investigated FIRST?
The workstation of a developer who is installing software on a web server.
A new test web server that is in the process of initial installation.
An accounting supervisor's laptop that is connected to the VPN.
The laptop of the vice president that is on the corporate LAN.
Cyber Incident Response
Security Operations and Monitoring
An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below.
Which of the following conclusions is supported by the application log?
An attacker was attempting to perform a DoS attack against the server
An attacker was attempting to download files via a remote command execution vulnerability
An attacker was attempting to perform a buffer overflow attack to execute a payload in memory
An attacker was attempting to perform an XSS attack via a vulnerable third-party library
Threat Management
Cyber Incident Response
A company has contracted with a software development vendor to design a web portal for customers to access a medical records database. Which of the following should the security analyst recommend to BEST control the unauthorized disclosure of sensitive data when sharing the development database with the vendor?
Establish an NDA with the vendor.
Enable data masking of sensitive data tables in the database.
Set all database tables to read only.
Use a de-identified data process for the development database.
Cybersecurity Tool Sets
Compliance and Assessment
A cybersecurity analyst is responding to an incident. The company's leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?
Intelligence cycle
Diamond Model of Intrusion Analysis
Kill chain
MITRE ATT&CK
Cyber Incident Response