Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA CySA+
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Apr 24, 2024

CompTIA CySA+ CS0-002 Questions & Answers

  • Question 41:

    A company recently experienced similar network attacks. To determine whether the attacks were identical, the company should gather a list of IPs, domains, and files and use:

    A. behavior data.

    B. the Diamond Model of Intrusion Analysis.

    C. the attack kill chain.

    D. the reputational data.

  • Question 42:

    An organization supports a large number of remote users. Which of the following is the BEST option to protect the data on the remote users' laptops?

    A. Require the use of VPNs.

    B. Require employees to sign an NDA.

    C. Implement a DLP solution.

    D. Use whole disk encryption.

  • Question 43:

    A code review reveals a web application is using time-based cookies for session management. This is a security concern because time-based cookies are easy to:

    A. parameterize.

    B. decode.

    C. guess.

    D. decrypt.

  • Question 44:

    A security analyst has received a report that servers are no longer able to connect to the network. After many hours of troubleshooting, the analyst determines a Group Policy Object is responsible for the network connectivity issues. Which of the following solutions should the security analyst recommend to prevent an interruption of service in the future?

    A. CI/CD pipeline

    B. Impact analysis and reporting

    C. Appropriate network segmentation

    D. Change management process

  • Question 45:

    A security analyst reviews SIEM logs and discovers the following error event:

    ERROR Event ID 4 The Kerberos client received a KRB AP ERR MODIFIED error from the server DBASVRR4S. The target name used was GC/PDC1DC.Domain57/Administrator. This indicates that the target server failed to decrypt the ticket provided by the client. Check if there are identically named server accounts in these two domains, or use the fully qualified name to identify the server.

    Which of the following environments does the analyst need to examine to continue troubleshooting the event?

    A. Proxy server

    B. SQL server

    C. Windows domain controller

    D. WAF appliance

    E. DNS server

  • Question 46:

    Which of the following BEST describes the primary role of a risk assessment as it relates to compliance with risk-based frameworks?

    A. It demonstrated the organization's mitigation of risks associated with internal threats.

    B. It serves as the basis for control selection.

    C. It prescribes technical control requirements.

    D. It is an input to the business impact assessment.

  • Question 47:

    A small marketing firm uses many SaaS applications that hold sensitive information. The firm has discovered terminated employees are retaining access to systems for many weeks after their end date. Which of the following would BEST resolve the issue of lingering access?

    A. Perform weekly manual reviews on system access to uncover any issues.

    B. Set up a privileged access management tool that can fully manage privileged account access.

    C. Implement MFA on cloud-based systems.

    D. Configure federated authentication with SSO on cloud provider systems.

  • Question 48:

    A security analyst needs to obtain the footprint of the network. The footprint must identify the following information:

    1. TCP and UDP services running on a targeted system

    2. Types of operating systems and versions

    3. Specific applications and versions

    Which of the following tools should the analyst use to obtain the data?

    A. Prowler

    B. Nmap

    C. Reaver

    D. ZAP

  • Question 49:

    A penetration tester physically enters a datacenter and attaches a small device to a switch. As part of the tester's effort to evaluate which nodes are present on the network, the tester places the network adapter in promiscuous mode and logs traffic for later analysis. Which of the following is the tester performing?

    A. Credentialed scanning

    B. Passive scanning

    C. Protocol analysis

    D. SCAP scanning

    E. Network segmentation

  • Question 50:

    An organization recently discovered that spreadsheet files containing sensitive financial data were improperly stored on a web server. The management team wants to find out if any of these files were downloaded by public users accessing the server. The results should be written to a text file and should include the date, time, and IP address associated with any spreadsheet downloads. The web server's log file is named webserver.log, and the report file name should be accessreport.txt. Following is a sample of the web server's log file:

    2017-10-12 21:01:12 GET /index.html - 84.102.33.7 - return=200 1622

    Which of the following commands should be run if an analyst only wants to include entries in which a spreadsheet was successfully downloaded?

    A. more webserver.log | grep *.xls > accessreport.txt

    B. more webserver.log > grep "*xls" | egrep -E 'success' > accessreport.txt

    C. more webserver.log | grep -E "return=200 | xls" > accessreport.txt

    D. more webserver.log | grep -A *.xls < accessreport.txt

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.