Title of test:
Cysa+ 02 V23 part 244-266

Description:
Cysa v23

Author:
Adrian B

Creation Date:
20/05/2023

Category:
Computers

Number of questions: 21
Content:
Which of the following attack techniques has the GREATEST likelihood of quick success against Modbus assets? A. Remote code execution B. Buffer overflow C. Unauthenticated commands D. Certificate spoofing.
A security analyst needs to provide the development team with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to servers in all three tiers in order to perform various configuration tasks. Which of the following technologies should the analyst implement to provide secure transport? A. CASB B. VPC C. Federation D. VPN.
After a series of Group Policy Object updates, multiple services stopped functioning. The systems administrator believes the issue resulted from a Group Policy Object update but cannot validate which update caused the issue. Which of the following security solutions would resolve this issue? A. Privilege management B. Group Policy Object management C. Change management D. Asset management.
Which of the following is MOST dangerous to the client environment during a vulnerability assessment/penetration test? A. There is a longer period of time to assess the environment. B. The testing is outside the contractual scope. C. There is a shorter period of time to assess the environment. D. No status reports are included with the assessment.
The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or downloaded by employees. The CISO also wants to track the data assets by name, type, content, or data profile. Which of the following BEST describes what the CISO wants to purchase? A. Asset tagging B. SIEM C. File integrity monitor D. DLP.
A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities: Alert Detail - Low (Medium) Web Browser XSS Protection not enabled Description: Web browser XSS protection not enabled, or disabled by the configuration of the HTTP Response header URL: https://domain.com/sun/ray Which of the following is the MOST likely solution to the listed vulnerability? A. Enable the browser’s XSS filter. B. Enable Windows XSS protection. C. Enable the browser’s protected pages mode. D. Enable server-side XSS protection.
A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. They have asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the BEST way to achieve this goal? A. Focus on incidents that have a high chance of reputation harm. B. Focus on common attack vectors first. C. Focus on incidents that affect critical systems. D. Focus on incidents that may require law enforcement support.
A security analyst notices the following entry while reviewing the server logs: OR 1=1' ADD USER attacker' PW 1337password' -- Which of the following events occurred? A. CSRF B. XSS C. SQLi D. RCE.
Ensuring that all areas of security have the proper controls is a primary reason why organizations use: A. frameworks. B. directors and officers. C. incident response plans. D. engineering rigor.
An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts. A security analyst has created a script to snapshot the system configuration each day. Following is one of the scripts: cat /etc/passwd > daily_$(date +"%m_%d_%Y") This script has been running successfully every day. Which of the following commands would provide the analyst with additional useful information relevant to the above script? A. diff daily_11_03_2019 daily_11_04_2019 B. ps -ef | grep admin > daily_process_$(date +"%m_%d_%Y") C. more /etc/passwd > daily_$(date +"%m_%d_%Y_%H:%M:%S") D. la -lai /usr/sbin > daily_applications.
In SIEM software, a security analyst detected some changes to hash signatures from monitored files during the night followed by SMB brute-force attacks against the file servers. Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise? A. Fully segregate the affected servers physically in a network segment, apart from the production network. B. Collect the network traffic during the day to understand if the same activity is also occurring during business hours. C. Check the hash signatures, comparing them with malware databases to verify if the files are infected. D. Collect all the files that have changed and compare them with the previous baseline.
A. DNSSEC B. DMARC C. STP D. S/IMAP.
A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal. Which of the following is the BEST manner in which to dispose of the hardware appliance? A. Ensure the hardware appliance has the ability to encrypt the data before disposing of it. B. Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies. C. Return the hardware appliance to the vendor, as the vendor is responsible for disposal. D. Establish guidelines for the handling of sensitive information.
Which of the following APT adversary archetypes represent non-nation-state threat actors? (Choose two.) A. Kitten B. Panda C. Tiger D. Jackal E. Bear F. Spider.
A security analyst needs to determine the best method for securing access to a top-secret datacenter. Along with an access card and PIN code, which of the following additional authentication methods would be BEST to enhance the datacenter’s security? A. Physical key B. Retinal scan C. Passphrase D. Fingerprint.
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution? A. Virtualize the system and decommission the physical machine. B. Remove it from the network and require air gapping. C. Implement privileged access management for identity access. D. Implement MFA on the specific system.
A security analyst is concerned the number of security incidents being reported has suddenly gone down. Daily business interactions have not changed, and no additional security controls have been implemented. Which of the following should the analyst review FIRST? A. The DNS configuration B. Privileged accounts C. The IDS rule set D. The firewall ACL.
A security analyst is reviewing the output of tcpdump to analyze the type of activity on a packet capture: Which of the following generated the above output? https://www.examtopics.com/discussions/comptia/view/84335-exam-cs0-002-topic-1-question-192-discussion/ A. A port scan B. A TLS connection C. A vulnerability scan D. A ping sweep.
A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack? A. True positive B. True negative C. False positive D. False negative.
While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certificate authority that is only used to sign intermediate certificates. Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Choose two.) A. On a private VLAN B. Full disk encrypted C. Powered off D. Backed up hourly E. VPN accessible only F. Air gapped.
A vulnerability assessment solution is hosted in the cloud. This solution will be used as an accurate inventory data source for both the configuration management database and the governance, risk, and compliance tool. An analyst has been asked to automate the data acquisition. Which of the following would be the BEST way to acquire the data? A. CSV export B. SOAR C. API D. Machine learning.