CompTIA CS0-003 Practice Test - Questions Answers, Page 32

An MSSP received several alerts from customer 1, which caused a missed incident response deadline for customer 2. Which of the following best describes the document that was violated?

A high volume of failed RDP authentication attempts was logged on a critical server within a one-hour period. All of the attempts originated from the same remote IP address and made use of a single valid domain user account. Which of the following would be the most effective mitigating control to reduce the rate of success of this brute-force attack?

An analyst is investigating a phishing incident and has retrieved the following as part of the investigation:

cmd.exe /c c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -NoLogo -NoProfile -EncodedCommand <VERY LONG STRING>

Which of the following should the analyst use to gather more information about the purpose of this command?

The security team at a company, which was a recent target of ransomware, compiled a list of hosts that were identified as impacted and in scope for this incident. Based on the following host list:

Which of the following systems was most pivotal to the threat actor in its distribution of the encryption binary via Group Policy?

Several reports with sensitive information are being disclosed via file sharing services. The company would like to improve its security posture against this threat. Which of the following security controls would best support the company in this scenario?

Which of the following best describes the key goal of the containment stage of an incident response process?

A company is launching a new application in its internal network, where internal customers can communicate with the service desk. The security team needs to ensure the application will be able to handle unexpected strings with anomalous formats without crashing. Which of the following processes is the most applicable for testing the application to find how it would behave in such a situation?

HOTSPOT

An organization has noticed large amounts of data are being sent out of its network. An analyst is identifying the cause of the data exfiltration.

INSTRUCTIONS

Select the command that generated the output in tabs 1 and 2.

Review the output text in all tabs and identify the file responsible for the malicious behavior.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A healthcare organization must develop an action plan based on the findings from a risk assessment. The action plan must consist of:

* Risk categorization

* Risk prioritization

. Implementation of controls

INSTRUCTIONS

Click on the audit report, risk matrix, and SLA expectations documents to review their contents.

On the Risk categorization tab, determine the order in which the findings must be prioritized for remediation according to the risk rating score. Then, assign a categorization to each risk.

On the Controls tab, select the appropriate control(s) to implement for each risk finding.

Findings may have more than one control implemented. Some controls may be used more than once or not at all.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.