Question 1

During a review of SIEM alerts, a securrty analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring toot about files from a newly deployed application that should not change. Which of the following steps should the analyst complete FIRST to respond to the issue7

Options :

A : Warn the incident response team that the server can be compromised

B : Open a ticket informing the development team about the alerts

C : Check if temporary files are being monitored

D : Dismiss the alert, as the new application is still being adapted to the environment

Answer: C

Question 2

An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosing the incident to external entities should be based on:

Options :

A : the responder-s discretion

B : the public relations policy

C : the communication plan

D : senior management-s guidance

Answer: A

Question 3

While reviewing a cyber-risk assessment, an analyst notes there are concerns related to FPGA usage. Which of the following statements would BEST convince the analyst's supervisor to use additional controls?

Options :

A : FPGAs are vulnerable to malware installation and require additional protections for their codebase.

B : FPGAs are expensive to produce. Anti-counterierting safeguards are needed.

C : FPGAs are expensive and can only be programmed once. Code deployment safeguards are needed.

D : FPGAs have an inflexible architecture. Additional training for developers is needed

Answer: D

Question 4

A business recently acquired a software company. The software company's security posture is unknown. However, based on an assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?

Options :

A : Develop an asset inventory to determine the systems within the software company

B : Review relevant network drawings, diagrams and documentation

C : Perform penetration tests against the software company-s Internal and external networks

D : Baseline the software company-s network to determine the ports and protocols in use.

Answer: A

Question 5

An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application The working hypothesis is as follows:

* Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target

* The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.

* The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.

As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SOL injection attacks Which of the following BEST represents the technique in use?

Options :

A : Improving detection capabilities

B : Bundling critical assets

C : Profiling threat actors and activities

D : Reducing the attack surface area

Answer: D

Smartly Prepare Exam with Free Online CS0-002 Practice Test

Buying Options: