CompTIA (CS0-002) Exam Questions And Answers page 8
An analyst has received a notification about potential malicious activity against a web server. The analyst logs in to a central log collection server and runs the following command: cat access.log.1 | grep union. The output shown below appears:
<68.71.54.117> [31/Jan/2020:10:02:31 0400] Get /cgi-bin/backend1.sh?id=%20union%20select%20192.168.60.50 HTTP/1.1
Which of the following attacks has occurred on the server?
SQL injection
Cross-site scripting
Directory traversal
Threat Management
Cyber Incident Response
A security analyst is required to stay current with the most recent threat data and intelligence reports. When gathering data, it is MOST important for the data to be:
proprietary and timely
proprietary and accurate
relevant and deep
relevant and accurate
Threat Management
Given the Nmap request below:
Which of the following actions will an attacker be able to initiate directly against this host?
Password sniffing
ARP spoofing
A brute-force attack
An SQL injection
Security Architecture and Tool Sets
Cybersecurity Tool Sets
During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user:
Which of the following commands should the analyst investigate FIRST?
Line 1
Line 2
Line 3
Line 4
Line 5
Line 6
Security Architecture and Tool Sets
Cybersecurity Tool Sets
An organization wants to mitigate against risks associated with network reconnaissance. ICMP is already blocked at the firewall; however, a penetration testing team has been able to perform reconnaissance against the organization's network and identify active hosts. An analyst sees the following output from a packet capture:
Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?
flags=RA indicates the testing team is using a Christmas tree attack
ttl=64 indicates the testing team is setting the time to live below the firewall's threshold
0 data bytes indicates the testing team is crafting empty ICMP packets
NO FLAGS are set indicates the testing team is using hping
Security Architecture and Tool Sets
Security Operations and Monitoring
A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:
Which of the following technologies would MOST likely be used to prevent this phishing attempt?
DNSSEC
DMARC
STP
S/IMAP
Threat Management
Cyber Incident Response
A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.
Which of the following solutions would meet this requirement?
Establish a hosted SSO.
Implement a CASB.
Virtualize the server.
Air gap the server.
Threat Management
Cybersecurity Tool Sets
An analyst performs a routine scan of a host using Nmap and receives the following output:
Which of the following should the analyst investigate FIRST?
Port 21
Port 22
Port 23
Port 80
Security Operations and Monitoring
A security analyst is supporting an embedded software team. Which of the following is the BEST recommendation to ensure proper error handling at runtime?
Perform static code analysis
Require application fuzzing
Enforce input validation
Perform a code review
Security Operations and Monitoring
During an investigation, an analyst discovers the following rule in an executive's email client:
IF * TO THEN mailto:
SELECT FROM sent THEN DELETE FROM
The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
Check the server logs to evaluate which emails were sent to
Use the SIEM to correlate logging events from the email server and the domain server
Remove the rule from the email client and change the password
Recommend that management implement SPF and DKIM
Security Operations and Monitoring