ExamGecko
Home / CompTIA / SK0-005 / List of questions
Ask Question

CompTIA SK0-005 Practice Test - Questions Answers, Page 53

Add to Whishlist

List of questions

Question 521

Report Export Collapse

A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?

Become a Premium Member for full access
  Unlock Premium Member

Question 522

Report Export Collapse

A global organization wants to manage all endpoint and user telemetry. The organization also needs to differentiate this data based on which office it is correlated to. Which of the following strategies best aligns with this goal?

Become a Premium Member for full access
  Unlock Premium Member

Question 523

Report Export Collapse

A company that uses several cloud applications wants to properly identify:

All the devices potentially affected by a given vulnerability.

All the internal servers utilizing the same physical switch.

The number of endpoints using a particular operating system.

Which of the following is the best way to meet the requirements?

Become a Premium Member for full access
  Unlock Premium Member

Question 524

Report Export Collapse

A senior security engineer flags the following log file snippet as having likely facilitated an attacker's lateral movement in a recent breach:

qry_source: 19.27.214.22 TCP/53

qry_dest: 199.105.22.13 TCP/53

qry_type: AXFR

| in comptia.org

------------ directoryserver1 A 10.80.8.10

------------ directoryserver2 A 10.80.8.11

------------ directoryserver3 A 10.80.8.12

------------ internal-dns A 10.80.9.1

----------- www-int A 10.80.9.3

------------ fshare A 10.80.9.4

------------ sip A 10.80.9.5

------------ msn-crit-apcs A 10.81.22.33

Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?

Become a Premium Member for full access
  Unlock Premium Member

Question 525

Report Export Collapse

After a penetration test on the internal network, the following report was generated:

Attack Target Result

Compromised host ADMIN01S.CORP.LOCAL Successful

Hash collected KRBTGT.CORP.LOCAL Successful

Hash collected SQLSV.CORP.LOCAL Successful

Pass the hash SQLSV.CORP.LOCAL Failed

Domain control CORP.LOCAL Successful

Which of the following should be recommended to remediate the attack?

Become a Premium Member for full access
  Unlock Premium Member

Question 526

Report Export Collapse

After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?

Become a Premium Member for full access
  Unlock Premium Member

Question 527

Report Export Collapse

4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20

6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00

50 45 00 00 4c 01 03 00 34 6d be 66 00 00 00 00 00 00 00 00 e0 00 0f 03 0b 01 05 00 00 70 00 00 00 10 00 00 00 d0 00 00 70 4c 01 00 00 e0 00 00 00 50 01 00 00 00 40 00

00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 01 00 00 02 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00

00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00

Attempts to run the code in a sandbox produce no results. Which of the following should the malware analyst do next to further analyze the malware and discover useful IoCs?

Become a Premium Member for full access
  Unlock Premium Member

Question 528

Report Export Collapse

A security engineer is implementing a code signing requirement for all code developed by the organization. Currently, the PKI only generates website certificates. Which of the following steps should the engineer perform first?

Become a Premium Member for full access
  Unlock Premium Member

Question 529

Report Export Collapse

Which of the following are risks associated with vendor lock-in? (Select two).

Become a Premium Member for full access
  Unlock Premium Member

Question 530

Report Export Collapse

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Web server logs:

192.168.1.10 - - [24/Oct/2020 11:24:34 +05:00] 'GET /bin/bash' HTTP/1.1' 200 453 Safari/536.36

192.168.1.10 - - [24/Oct/2020 11:24:35 +05:00] 'GET / HTTP/1.1' 200 453 Safari/536.36

Application server logs:

24/Oct/2020 11:24:34 +05:00 - 192.168.2.11 - request does not match a known local user. Querying DB

24/Oct/2020 11:24:35 +05:00 - 192.168.2.12 - root path. Begin processing

Database server logs:

24/Oct/2020 11:24:34 +05:00 [Warning] 'option read_buffer_size1 unassigned value 0 adjusted to 2048

24/Oct/2020 11:24:35 +05:00 [Warning] CA certificate ca.pem is self-signed.

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

Become a Premium Member for full access
  Unlock Premium Member
Total 530 questions
Go to page: of 53
Search

Related questions