Which of the following commands would work BEST to achieve the desired result?

A security analyst is reviewing the logs from an internal chat server. The chat.log file is too large to review manually, so the analyst wants to create a shorter log file that only includes lines associated with a user demonstrating anomalous activity. Below is a snippet of the log: Which...

December 1, 2020

Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?

Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?

A. Human resources
B. Public relations
C. Marketing
D. Internal network operations center

Answer: B

December 1, 2020

Which of the following roles is ultimately responsible for determining the classification levels assigned to specific data sets?

Which of the following roles is ultimately responsible for determining the classification levels assigned to specific data sets?

A. Data custodian
B. Data owner
C. Data processor
D. Senior management

Answer: B

Explanation: Reference: https://www.pearsonitcertification.com/articles/article.aspx?p=2731933&seqNum=3

December 1, 2020

Which of the following is the BEST approach for supply chain assessment when selecting a vendor?

An analyst is participating in the solution analysis process for a cloud-hosted SIEM platform to centralize log monitoring and alerting capabilities in the SOC. Which of the following is the BEST approach for supply chain assessment when selecting a vendor?

A. Gather information from providers, including datacenter specifications and copies...

November 30, 2020

Which of the following BEST describes the security analyst's goal?

A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all...

November 29, 2020

Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website. Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in...

November 29, 2020

As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?

An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems. As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?

A. Copies of prior...

November 29, 2020

Which of the following is the FIRST step the analyst should take?

A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take?

A. Create a full disk image of the server's hard drive to look for the file containing the malware.
B. Run a manual antivirus...

November 28, 2020

A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://<malwaresource>/a.php in a phishing email.

A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://<malwaresource>/a.php in a phishing email. To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the:

A. email server that automatically deletes attached executables.
B...

November 28, 2020

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL: Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

A. PC1
B. PC2
C. Server1
D. Server2
E. Firewall

Answer: B

November 28, 2020