Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA CySA+
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Apr 24, 2024

CompTIA CySA+ CS0-002 Questions & Answers

  • Question 101:

    An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?

    A. Software-based drive encryption

    B. Trusted execution environment

    C. Unified Extensible Firmware Interface

    D. Hardware security module

  • Question 102:

    An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?

    A. Use the MITRE ATT&CK framework to develop threat models.

    B. Conduct internal threat research and establish indicators of compromise.

    C. Review the perimeter firewall rules to ensure rule-set accuracy.

    D. Use SCAP scans to monitor for configuration changes on the network.

  • Question 103:

    Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?

    A. Red-team analysis

    B. Escalation process and procedures

    C. Triage and analysis

    D. Communications plan

  • Question 104:

    Which of the following threat classifications would MOST likely use polymorphic code?

    A. Known threat

    B. Zero-day threat

    C. Unknown threat

    D. Advanced persistent threat

  • Question 105:

    A general contractor has a list of contract documents containing critical business data that are stored at a public cloud provider. The organization's security analyst recently reviewed some of the storage containers and discovered most of the containers are not encrypted. Which of the following configurations will provide the MOST security to resolve the vulnerability?

    A. Upgrading TLS 1.2 connections to TLS 1.3

    B. Implementing AES-256 encryption on the containers

    C. Enabling SHA-256 hashing on the containers

    D. Implementing the Triple Data Encryption Algorithm at the file level

  • Question 106:

    While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user. Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins.

    Which of the following are the BEST actions the analyst can take to stop any further compromise? (Choose two.)

    A. Add a rule on the affected system to block access to port TCP/22.

    B. Reset the passwords for all accounts on the affected system.

    C. Add a rule on the perimeter firewall to block the source IP address.

    D. Configure /etc/sshd_config to deny root logins and restart the SSHD service.

    E. Configure /etc/passwd to deny root logins and restart the SSHD service.

    F. Add a rule on the network IPS to block SSH user sessions.
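Added example for Question 106 (this is not part of the exam material): a small Python detector that reads sshd authentication lines in the /var/log/auth.log format, flags an accepted login that follows a burst of failures from the same source inside a time window, flags any root login that breaks the internal-network-only policy the question describes, and checks whether a given sshd_config text actually disables root login (on most distributions the file lives at /etc/ssh/sshd_config). The log lines, the 10.0.0.0/8 internal range, the failure threshold and the window are constructed assumptions for the example.

```python
"""Brute force followed by a root login: detection over sshd auth-log lines.

Added example (not part of the exam question). The log lines, the internal
range, the threshold and the window below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in /var/log/auth.log format; not captured from a real host.
SAMPLE_LOG = """\
Jan 30 10:40:01 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 50212 ssh2
Jan 30 10:40:01 web01 sshd[2213]: Failed password for root from 203.0.113.45 port 50214 ssh2
Jan 30 10:40:02 web01 sshd[2215]: Failed password for invalid user admin from 203.0.113.45 port 50216 ssh2
Jan 30 10:40:02 web01 sshd[2217]: Failed password for root from 203.0.113.45 port 50218 ssh2
Jan 30 10:40:03 web01 sshd[2219]: Failed password for root from 203.0.113.45 port 50220 ssh2
Jan 30 10:40:04 web01 sshd[2221]: Accepted password for root from 203.0.113.45 port 50222 ssh2
Jan 30 10:41:10 web01 sshd[2230]: Accepted publickey for jsmith from 10.10.5.20 port 41002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s(?P<method>\w+)\sfor\s(?:invalid user\s)?"
    r"(?P<user>\S+)\sfrom\s(?P<src>[\d.]+)\sport\s(?P<port>\d+)"
)

INTERNAL_NETS = ("10.",)   # assumed corporate range; the question does not give one
FAIL_THRESHOLD = 4         # failures from one source that make a following success suspicious
WINDOW_SECONDS = 60


def parse(log_text, year=2020):
    """Turn sshd lines into event dicts; syslog lines carry no year, so one is supplied."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "src": m["src"]})
    return events


def is_internal(ip):
    return ip.startswith(INTERNAL_NETS)


def find_compromises(events):
    """Flag an accepted login that follows FAIL_THRESHOLD or more failures from the same
    source inside WINDOW_SECONDS, and any root login from outside the internal network."""
    failures = defaultdict(list)          # source IP -> timestamps of failed attempts
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] == "Failed":
            failures[ev["src"]].append(ev["ts"])
            continue
        recent = [t for t in failures[ev["src"]]
                  if 0 <= (ev["ts"] - t).total_seconds() <= WINDOW_SECONDS]
        brute = len(recent) >= FAIL_THRESHOLD
        policy = ev["user"] == "root" and not is_internal(ev["src"])
        if brute or policy:
            findings.append({"src": ev["src"], "user": ev["user"], "method": ev["method"],
                             "failures_before": len(recent), "policy_violation": policy})
    return findings


def root_login_permitted(sshd_config_text):
    """True unless the config sets PermitRootLogin no. sshd honours the first
    occurrence of a keyword, and its default (prohibit-password) still allows
    key-based root logins, so an absent directive counts as permitted."""
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].strip().lower() != "no"
    return True


if __name__ == "__main__":
    for finding in find_compromises(parse(SAMPLE_LOG)):
        print(finding)
    print("root login permitted:", root_login_permitted("PermitRootLogin no\n"))
```

On the sample, the root login from 203.0.113.45 is reported with five failures in the preceding minute and a policy violation, while the key-based login by jsmith from the internal range is not. The config check is deliberately strict: a commented-out directive or a missing one leaves root reachable with a key, so only an explicit `PermitRootLogin no` (as option D intends) passes.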

  • Question 107:

    A security analyst is reviewing the network security monitoring logs listed below:

    Count: 2 Event#3.3505 2020-01-30 10:40 UTC GPL WEB SERVER robots.txt access

    10.1.1.128 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=45260 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=23415 chksum=0

    Count: 22 Event#3.3507 2020-01-30 10:40 UTC ET WEB SPECIFIC APPS PHPStudy Remote Code Execution Backdoor

    10.1.1.129 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=65200 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=26814 chksum=0

    Count: 30 Event#3.3522 2020-01-30 10:40 UTC ET WEB SERVER WEB-PHP phpinfo access

    10.1.1.130 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=58175 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=22875 chksum=0

    Count: 22 Event#3.3728 2020-01-30 10:40 UTC GPL WEB SERVER 403 Forbidden

    10.0.0.10 -> 10.1.1.129 IPVer=4 hlen=5 tos=0 dlen=533 ID=0 flags=0 offset=0 ttl=0 chksum=20471 Protocol: 6 sport=80 -> dport=65200 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=59638 chksum=0

    Which of the following is the analyst MOST likely observing? (Choose two.)

    A. 10.1.1.128 sent potential malicious traffic to the web server.

    B. 10.1.1.128 sent malicious requests, and the alert is a false positive.

    C. 10.1.1.129 successfully exploited a vulnerability on the web server.

    D. 10.1.1.129 sent potential malicious requests to the web server.

    E. 10.1.1.129 sent non-malicious requests, and the alert is a false positive.

    F. 10.1.1.130 can potentially obtain information about the PHP version.
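Added example for Question 107 (this is not part of the exam material): a Python triage routine that parses the four alert records from the question (with the garbled field names repaired; no new records have been added), pairs each client's requests with the web server's replies on the same port tuple, and states what the evidence does and does not support. The pairing is the point: the 22 PHPStudy backdoor requests from 10.1.1.129 on source port 65200 are matched by 22 `403 Forbidden` replies back to port 65200, which shows attempts, not a successful exploit. The signature-to-category mapping is an assumption for the example.

```python
"""Triage of NIDS alerts: pair client requests with the server's replies.

Added example (not part of the exam question). The records are the four from
Question 107 with the garbled field names repaired; the category mapping in
classify() is an assumption for the example.
"""
import re
from collections import defaultdict

NSM_LOG = """\
Count: 2 Event#3.3505 2020-01-30 10:40 UTC GPL WEB SERVER robots.txt access
10.1.1.128 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=45260 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=23415 chksum=0
Count: 22 Event#3.3507 2020-01-30 10:40 UTC ET WEB SPECIFIC APPS PHPStudy Remote Code Execution Backdoor
10.1.1.129 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=65200 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=26814 chksum=0
Count: 30 Event#3.3522 2020-01-30 10:40 UTC ET WEB SERVER WEB-PHP phpinfo access
10.1.1.130 -> 10.0.0.10 IPVer=4 hlen=5 tos=0 dlen=269 ID=0 flags=0 offset=0 ttl=0 chksum=22704 Protocol: 6 sport=58175 -> dport=80 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=22875 chksum=0
Count: 22 Event#3.3728 2020-01-30 10:40 UTC GPL WEB SERVER 403 Forbidden
10.0.0.10 -> 10.1.1.129 IPVer=4 hlen=5 tos=0 dlen=533 ID=0 flags=0 offset=0 ttl=0 chksum=20471 Protocol: 6 sport=80 -> dport=65200 Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=59638 chksum=0
"""

WEB_SERVER = "10.0.0.10"

HEADER_RE = re.compile(
    r"^Count:\s*(?P<count>\d+)\s+Event#(?P<event>[\d.]+)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2} UTC)\s+(?P<sig>.+?)\s*$"
)
FLOW_RE = re.compile(
    r"^(?P<src>[\d.]+) -> (?P<dst>[\d.]+) .*?sport=(?P<sport>\d+) -> dport=(?P<dport>\d+)"
)


def parse_nsm(text):
    """Each record is a header line followed by a flow line; return one dict per record."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("odd number of lines: header/flow pairs expected")
    records = []
    for header, flow in zip(lines[0::2], lines[1::2]):
        h, f = HEADER_RE.match(header), FLOW_RE.match(flow)
        if not (h and f):
            raise ValueError(f"unparsed record: {header!r} / {flow!r}")
        records.append({"count": int(h["count"]), "event": h["event"], "time": h["ts"],
                        "sig": h["sig"], "src": f["src"], "dst": f["dst"],
                        "sport": int(f["sport"]), "dport": int(f["dport"])})
    return records


def classify(sig):
    """Rough category per signature text (assumed mapping for the example)."""
    s = sig.lower()
    if "remote code execution" in s or "backdoor" in s:
        return "exploit-attempt"
    if "phpinfo" in s:
        return "info-disclosure"
    if "robots.txt" in s:
        return "recon"
    return "other"


def triage(records):
    """Per client: count attempts, find the server's replies on the same port tuple
    (client IP, client port) and state what the evidence does and does not show."""
    replies = defaultdict(list)
    for r in records:
        if r["src"] == WEB_SERVER:
            replies[(r["dst"], r["dport"])].append(r)
    out = {}
    for r in records:
        if r["dst"] != WEB_SERVER:
            continue
        resp = replies.get((r["src"], r["sport"]), [])
        kind = classify(r["sig"])
        if kind == "exploit-attempt":
            rejected = sum(x["count"] for x in resp if "403" in x["sig"]) >= r["count"]
            verdict = ("attempted; every request answered 403, no evidence of success"
                       if rejected else "attempted; outcome unknown, inspect the server")
        elif kind == "info-disclosure":
            verdict = "probe for PHP version/config; check whether phpinfo is reachable"
        elif kind == "recon":
            verdict = "routine reconnaissance; low priority on its own"
        else:
            verdict = "unclassified"
        out[r["src"]] = {"signature": r["sig"], "attempts": r["count"],
                         "replies": [x["sig"] for x in resp], "category": kind,
                         "verdict": verdict}
    return out


if __name__ == "__main__":
    for src, v in triage(parse_nsm(NSM_LOG)).items():
        print(src, v["attempts"], v["category"], "->", v["verdict"])
```

The correlation key is (client IP, client port): a reply from the server carries the client's ephemeral port as its dport, so it can be tied back to the request that used it as sport without any session identifier. Absence of a reply record is treated as "outcome unknown", not as success or failure, which is the honest reading when the sensor only logged alerts rather than full flows.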

  • Question 108:

    A company creates digitally signed packages for its devices. Which of the following BEST describes the method by which the security packages are delivered to the company's customers?

    A. Anti-tamper mechanism

    B. SELinux

    C. Trusted firmware updates

    D. eFuse

  • Question 109:

    Understanding attack vectors and integrating intelligence sources are important components of:

    A. a vulnerability management plan.

    B. proactive threat hunting.

    C. risk management compliance.

    D. an incident response plan.

  • Question 110:

    An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network.

    Which of the following schedules BEST addresses these requirements?

    A. Monthly vulnerability scans, biweekly topology scans, daily host discovery scans

    B. Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans

    C. Monthly host discovery scans, biweekly vulnerability scans, monthly topology scans

    D. Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans

Tips on How to Prepare for the Exams

Certification exams have become increasingly important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.