Title of test:
Cysa+ 02 V23 part 139-160

Description:
Cysa+ 1-20

Author:
Adrian B

Creation Date:
18/05/2023

Category:
Computers

Number of questions: 20
Content:
A company frequently experiences issues with credential stuffing attacks. Which of the following is the BEST control to help prevent these attacks from being successful?
A. SIEM
B. IDS
C. MFA
D. TLS

A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?
A. Blacklist the hash in the next-generation antivirus system.
B. Manually delete the file from each of the workstations.
C. Remove administrative rights from all developer workstations.
D. Block the download of the file via the web proxy.

A company uses an FTP server to support its critical business functions. The FTP server is configured as follows:
• The FTP service is running with the data directory configured in /opt/ftp/data.
• The FTP server hosts employees' home directories in /home.
• Employees may store sensitive information in their home directories.
An IoC revealed that an FTP directory traversal attack resulted in sensitive data loss. Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?
A. Implement file-level encryption of sensitive files.
B. Reconfigure the FTP server to support FTPS.
C. Run the FTP server in a chroot environment.
D. Upgrade the FTP server to the latest version.

An organization is adopting IoT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far, leaving hardware-related weaknesses open to compromise. Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?
A. Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.
B. Apply all firmware updates as soon as they are released to mitigate the risk of compromise.
C. Determine an annual patch cadence to ensure all patching occurs at the same time.
D. Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.

A security analyst observes a large amount of scanning activity coming from an IP address outside the organization's environment. Which of the following should the analyst do to block this activity?
A. Create an IPS rule to block the subnet.
B. Sinkhole the IP address.
C. Create a firewall rule to block the IP address.
D. Close all unnecessary open ports.

A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?
A. A TXT record on the name server for SPF
B. DNSSEC keys to secure replication
C. Domain Keys Identified Mail
D. A sandbox to check incoming mail

Due to a rise in cyber attackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the customers' data is protected by the organization internally and externally. Which of the following countermeasures can BEST prevent the loss of customers' sensitive data?
A. Implement privileged access management.
B. Implement a risk management process.
C. Implement multifactor authentication.
D. Add more security resources to the environment.

A. Impair defenses.
B. Establish persistence.
C. Bypass file access controls.
D. Implement beaconing.

A new prototype for a company's flagship product was leaked on the internet. As a result, the management team has locked out all USB drives. Optical drive writers are not present on company computers. The sales team has been granted an exception to share sales presentation files with third parties. Which of the following would allow the IT team to determine which devices are USB enabled?
A. Asset tagging
B. Device encryption
C. Data loss prevention
D. SIEM logs

An organization discovers motherboards within the environment that appear to have been physically altered during the manufacturing process. Which of the following is the BEST course of action to mitigate the risk of this reoccurring?
A. Perform an assessment of the firmware to determine any malicious modifications.
B. Conduct a trade study to determine if the additional risk constitutes further action.
C. Coordinate a supply chain assessment to ensure hardware authenticity.
D. Work with IT to replace the devices with the known-altered motherboards.

A security analyst responds to a series of events surrounding sporadic bandwidth consumption from an endpoint device. The security analyst then identifies the following additional details:
• Bursts of network utilization occur approximately every seven days.
• The content being transferred appears to be encrypted or obfuscated.
• A separate but persistent outbound TCP connection from the host to infrastructure in a third-party cloud is in place.
• The HDD utilization on the device grows by 10GB to 12GB over the course of every seven days.
• Single file sizes are 10GB.
Which of the following describes the most likely cause of the issue?
A. Memory consumption
B. Non-standard port usage
C. Data exfiltration
D. System update
E. Botnet participant

Which of the following actions will an attacker be able to initiate directly against this host?
A. Password sniffing
B. ARP spoofing
C. A brute-force attack
D. An SQL injection

A company's Chief Information Officer wants to use a CASB solution to ensure policies are being met during cloud access. Due to the nature of the company's business and risk appetite, the management team elected to not store financial information in the cloud. A security analyst needs to recommend a solution to mitigate the threat of financial data leakage into the cloud. Which of the following should the analyst recommend?
A. Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on premises.
B. Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion.
C. Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the cloud.
D. Do not utilize the CASB solution for this purpose, but add DLP on premises for data at rest.

A security analyst recently observed evidence of an attack against a company's web server. The analyst investigated the issue but was unable to find an exploit that adequately explained the observations. Which of the following is the MOST likely cause of this issue?
A. The security analyst needs updated forensic analysis tools.
B. The security analyst needs more training on threat hunting and research.
C. The security analyst has potentially found a zero-day vulnerability that has been exploited.
D. The security analyst has encountered a polymorphic piece of malware.

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Choose two.)
A. Resetting the phone to factory settings
B. Rebooting the phone and installing the latest security updates
C. Documenting the respective chain of custody
D. Uninstalling any potentially unwanted programs
E. Performing a memory dump of the mobile device for analysis
F. Unlocking the device by blowing the eFuse

During a review of SIEM alerts, a security analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring tool about files from a newly deployed application that should not change. Which of the following steps should the analyst complete FIRST to respond to the issue?
A. Warn the incident response team that the server can be compromised.
B. Open a ticket informing the development team about the alerts.
C. Check if temporary files are being monitored.
D. Dismiss the alert, as the new application is still being adapted to the environment.

A financial institution's business unit plans to deploy a new technology in a manner that violates existing information security standards. Which of the following actions should the Chief Information Security Officer (CISO) take to manage any type of violation?
A. Enforce the existing security standards and controls.
B. Perform a risk analysis and qualify the risk with legal.
C. Perform research and propose a better technology.
D. Enforce the standard permits.

A security analyst needs to provide a copy of a hard drive for forensic analysis. Which of the following would allow the analyst to perform the task?
A. dcfldd if=/dev/one of=/mnt/usb/evidence.bin hash=md5,sha1 hashlog=/mnt/usb/evidence.bin.hashlog
B. dd if=/dev/sda of=/mnt/usb/evidence.bin bs=4096; sha512sum /mnt/usb/evidence.bin > /mnt/usb/evidence.bin.hash
C. tar -zcf /mnt/usb/evidence.tar.gz / -except /mnt; sha256sum /mnt/usb/evidence.tar.gz > /mnt/usb/evidence.tar.gz.hash
D. find / -type f -exec cp {} /mnt/usb/evidence/ \; sha1sum /mnt/usb/evidence/* > /mnt/usb/evidence/evidence.hash

An analyst is reviewing the output from some recent network enumeration activities. The following entry relates to a target on the network: Based on the Nmap output above, which of the following features is running on the router?
https://www.examtopics.com/discussions/comptia/view/97979-exam-cs0-002-topic-1-question-294-discussion/
A. Web application firewall
B. Port triggering
C. Intrusion prevention system
D. Port isolation
E. Port address translation

A security analyst who works in the SOC receives a new requirement to monitor for indicators of compromise. Which of the following is the first action the analyst should take in this situation?
A. Develop a dashboard to track the indicators of compromise.
B. Develop a query to search for the indicators of compromise.
C. Develop a new signature to alert on the indicators of compromise.
D. Develop a new signature to block the indicators of compromise.