Free CompTIA CS0-003 Übungsprüfungen - Seite 8 von 17

Question #71

Which of the following in the digital forensics process is considered a critical activity that often includes a graphical representation of process and operating system events?

A . Registry editing
B . Network mapping
C . Timeline analysis
D . Write blocking

Lösung einblenden Lösung ausblenden

Question #72

The vulnerability analyst reviews threat intelligence regarding emerging vulnerabilities affecting workstations that are used within the company:

表格

描述已自动生成

Which of the following vulnerabilities should the analyst be most concerned about, knowing that end users frequently click on malicious links sent via email?

A . Vulnerability A
B . Vulnerability B
C . Vulnerability C
D . Vulnerability D

Lösung einblenden Lösung ausblenden

Question #73

After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASB to reduce analyst alert fatigue.

Which of the following is the best possible outcome that this effort hopes to achieve?

A . SIEM ingestion logs are reduced by 20%.
B . Phishing alerts drop by 20%.
C . False positive rates drop to 20%.
D . The MTTR decreases by 20%.

Lösung einblenden Lösung ausblenden

Richtige Antwort: D
D

Explanation:

The MTTR (Mean Time to Resolution) decreases by 20% is the best possible outcome that this effort hopes to achieve, as it reflects the improvement in the efficiency and effectiveness of the incident response process by reducing analyst alert fatigue. Analyst alert fatigue is a term that refers to the phenomenon of security analysts becoming overwhelmed, desensitized, or exhausted by the large number of alerts they receive from various security tools or systems, such as DLP (Data Loss Prevention) or CASB (Cloud Access Security Broker). DLP is a security solution that helps to prevent unauthorized access, use, or transfer of sensitive data, such as personal information, intellectual property, or financial records. CASB is a security solution that helps to monitor and control the use of cloud-based applications and services, such as SaaS (Software as a Service), PaaS (Platform as a Service), or IaaS (Infrastructure as a Service). Both DLP and CASB can generate alerts when they detect potential data breaches, policy violations, or malicious activities, but they can also produce false positives, irrelevant information, or duplicate notifications that can overwhelm or distract the security analysts. Analyst alert fatigue can have negative consequences for the security posture and performance of an organization, such as missing or ignoring critical alerts, delaying or skipping investigations or remediations, making errors or mistakes, or losing motivation or morale. Therefore, it is important to reduce analyst alert fatigue and optimize the alert management process by using various strategies, such as tuning the alert thresholds and rules, prioritizing and triaging the alerts based on severity and context, enriching and correlating the alerts with additional data sources, automating or orchestrating repetitive or low-level tasks or actions, or integrating and consolidating different security tools or systems into a unified platform. By reducing analyst alert fatigue and optimizing the alert management process, the effort hopes to achieve a decrease in the MTTR, which is a metric that measures the average time it takes to resolve an incident from the moment it is reported to the moment it is closed. A lower MTTR indicates a faster and more effective incident response process, which can help to minimize the impact and damage of security incidents, improve customer satisfaction and trust, and enhance security operations and outcomes. The other options are not as relevant or realistic as the MTTR decreases by 20%, as they do not reflect the best possible outcome that this effort hopes to achieve. SIEM ingestion logs are reduced by 20% is not a relevant outcome, as it does not indicate any improvement in the incident response process or any reduction in analyst alert fatigue. SIEM (Security Information and Event Management) is a security solution that collects and analyzes data from various sources, such as logs, events, or alerts, and provides security monitoring, threat detection, and incident response capabilities. SIEM ingestion logs are records of the data that is ingested by the SIEM system from different sources. Reducing SIEM ingestion logs may imply less data volume or less data sources for the SIEM system, which may not necessarily improve its performance or accuracy. Phishing alerts drop by 20% is not a realistic outcome, as it does not depend on the integration of DLP and CASB or any reduction in analyst alert fatigue. Phishing alerts are notifications that indicate potential phishing attempts or attacks, such as fraudulent emails, websites, or messages that try to trick users into revealing sensitive information or installing malware. Phishing alerts can be generated by various security tools or systems, such as email security solutions, web security solutions, endpoint security solutions, or user awareness training programs. Reducing phishing alerts may imply less phishing attempts or attacks on the organization, which may not necessarily be influenced by the integration of DLP and CASB or any reduction in analyst alert fatigue. False positive rates drop to 20% is not a realistic outcome

Question #74

A company has the following security requirements:

. No public IPs

・ All data secured at rest

. No insecure ports/protocols

After a cloud scan is completed, a security analyst receives reports that several misconfigurations are putting the company at risk.

Given the following cloud scanner output:

表格

描述已自动生成

Which of the following should the analyst recommend be updated first to meet the security requirements and reduce risks?

A . VM_PRD_DB
B . VM_DEV_DB
C . VM_DEV_Web02
D . VM_PRD_Web01

Lösung einblenden Lösung ausblenden

Question #75

The security team at a company, which was a recent target of ransomware, compiled a list of hosts that were identified as impacted and in scope for this incident.

Based on the following host list:

Which of the following systems was most pivotal to the threat actor in its distribution of the encryption binary via Group Policy?

A . SQL01
B . WK10-Sales07
C . WK7-Plant01
D . DCEast01
E . HQAdmin9

Lösung einblenden Lösung ausblenden

Question #76

A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it.

Which of the following threats applies to this situation?

A . Potential data loss to external users
B . Loss of public/private key management
C . Cloud-based authentication attack
D . Identification and authentication failures

Lösung einblenden Lösung ausblenden

Question #77

Due to an incident involving company devices, an incident responder needs to take a mobile phone to the lab for further investigation.

Which of the following tools should be used to maintain the integrity of the mobile phone while it is transported? (Select two).

A . Signal-shielded bag
B . Tamper-evident seal
C . Thumb drive
D . Crime scene tape
E . Write blocker
F . Drive duplicator

Lösung einblenden Lösung ausblenden

Question #78

A security analyst who works in the SOC receives a new requirement to monitor for indicators of

compromise.

Which of the following is the first action the analyst should take in this situation?

A . Develop a dashboard to track the indicators of compromise.
B . Develop a query to search for the indicators of compromise.
C . Develop a new signature to alert on the indicators of compromise.
D . Develop a new signature to block the indicators of compromise.

Lösung einblenden Lösung ausblenden

Question #79

New employees in an organization have been consistently plugging in personal webcams despite the company policy prohibiting use of personal devices. The SOC manager discovers that new employees are not aware of the company policy.

Which of the following will the SOC manager most likely recommend to help ensure new employees are accountable for following the company policy?

A . Human resources must email a copy of a user agreement to all new employees
B . Supervisors must get verbal confirmation from new employees indicating they have read the user agreement
C . All new employees must take a test about the company security policy during the cjitoardmg process
D . All new employees must sign a user agreement to acknowledge the company security policy

Lösung einblenden Lösung ausblenden

Question #80

A report contains IoC and TTP information for a zero-day exploit that leverages vulnerabilities in a specific version of a web application.

Which of the following actions should a SOC analyst take first after receiving the report?

A . Implement a vulnerability scan to determine whether the environment is at risk.
B . Block the IP addresses and domains from the report in the web proxy and firewalls.
C . Verify whether the information is relevant to the organization.
D . Analyze the web application logs to identify any suspicious or malicious activity.

Lösung einblenden Lösung ausblenden