CompTIA CS0-003 Quiz 1 Topic 5 Questions 1-5

Question: 1

A security analyst is reviewing the following log entries to identify anomalous activity:

q1_CS0-003

Which of the following attack types is occurring?

ADirectory traversal

BSQL injection

CBuffer overflow

DCross-site scripting

Show Answer

Question: 2

Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?

AThe lead should review what is documented in the incident response policy or plan

BManagement level members of the CSIRT should make that decision

CThe lead has the authority to decide who to communicate with at any t me

DSubject matter experts on the team should communicate with others within the specified area of expertise

Show Answer

Question: 3

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

AIdentify any improvements or changes in the incident response plan or procedures

BDetermine if an internal mistake was made and who did it so they do not repeat the error

CPresent all legal evidence collected and turn it over to iaw enforcement

DDiscuss the financial impact of the incident to determine if security controls are well spent

Show Answer

Question: 4

An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?

AHard disk

BPrimary boot partition

CMalicious tiles

DRouting table

EStatic IP address

Show Answer

Question: 5

A technician working at company.com received the following email:

q5_CS0-003

After looking at the above communication, which of the following should the technician recommend to the security team to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets?

AForwarding of corporate email should be disallowed by the company.

BA VPN should be used to allow technicians to troubleshoot computer issues securely.

CAn email banner should be implemented to identify emails coming from external sources.

DA rule should be placed on the DLP to flag employee IDs and serial numbers.

Show Answer

A security analyst is reviewing the following log entries to identify anomalous activity:
Which of the following attack types is occurring?

Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?

CompTIA CS0-003 Quiz:1 Topic:5 Questions:1-5

A security analyst is reviewing the following log entries to identify anomalous activity:Which of the following attack types is occurring?

Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?

CompTIA CS0-003 Quiz:1 Topic:5 Questions:1-5

A security analyst is reviewing the following log entries to identify anomalous activity:
Which of the following attack types is occurring?