CAS-005 Exam Dumps | A security architect performs a baseline review on the SIEM. The findings indicate that multiple use

<< Prev Question Next Question >>

Question 200/223

A security architect performs a baseline review on the SIEM. The findings indicate that multiple use cases are missing and coverage is limited for defense evasion techniques. Which of the following processes best describes what the architect should do?

A. Implement a TIP on the internal network to facilitate the creation of a use case.

B. Perform a penetration test on critical devices and document IOCs for use cases.

C. Create a list of use cases based on Snort detection rules.

D. Use Sigma to build the logic of the use cases and testing on the SIEM.

Question List (223q): Question 1: In a recent audit, several critical legacy systems, which ar...; Question 2: A malware analyst must examine the following partial file sa...; Question 3: A security engineer wants to stay up-to-date on new detectio...; Question 4: A user reports application access issues to the help desk. T...; Question 5: An organization is researching the automation capabilities f...; Question 6: A company plans to implement a research facility with intell...; Question 7: A company wants to implement a three-tier approach to separa...; Question 8: Which of the following best explains why AI output could be ...; Question 9: While reviewing recent incident reports a security officer d...; Question 10: An organization must provide access to its internal system d...; Question 11: A security architect is performing threat-modeling activitie...; Question 12: A cloud security engineer is setting up a cloud-hosted WAF. ...; Question 13: SIMULATION An incident occurred at Site A when an attacker s...; Question 14: The principal security analyst for a global manufacturer is ...; Question 15: After remote desktop capabilities were deployed in the envir...; Question 16: A cloud security architect has been tasked with selecting th...; Question 17: A security analyst received a report that an internal web pa...; Question 18: While investigating a security event an analyst finds eviden...; Question 19: A security officer is requiring all personnel working on a s...; Question 20: An IT department is currently working to implement an enterp...; Question 21: A company wants to prevent a partner company from denying ag...; Question 22: A security engineer needs to create multiple servers in a co...; Question 23: An analyst has prepared several possible solutions to a succ...; Question 24: A software engineer is creating a CI/CD pipeline to support ...; Question 25: A company must meet the following security requirements when...; Question 26: A security analyst reviews the following event timeline from...; Question 27: A company wants to perform threat modeling on an internally ...; Question 28: Which of the following explains why an organization should c...; Question 29: A company is migrating from company-owned phones to a BYOD s...; Question 30: A security engineer wants to reduce the attack surface of a ...; Question 31: A developer makes a small change to a resource allocation mo...; Question 32: A security analyst reviews the following report: (Exhibit) W...; Question 33: During DAST scanning, applications are consistently reportin...; Question 34: A university issues badges through a homegrown identity mana...; Question 35: Due to an infrastructure optimization plan, a company has mo...; Question 36: An organization wants to implement a platform to better iden...; Question 37: A company needs a highly secure method to transfer documents...; Question 38: A company recently experienced an incident in which an advan...; Question 39: Which of the following is the best way to protect the websit...; Question 40: A systems administrator decides to take a programmatic appro...; Question 41: A company was recently infected by malware. During the root ...; Question 42: A security engineer added a new server to the company email ...; Question 43: Based on the results of a SAST report on a legacy applicatio...; Question 44: During a gap assessment, an organization notes that BYOD usa...; Question 45: A company currently uses manual processes to regularly addre...; Question 46: A company's help desk is experiencing a large number of call...; Question 47: An organization would like to increase the effectiveness of ...; Question 48: A security architect is onboarding a new EDR agent on server...; Question 49: A central bank implements strict risk mitigations for the ha...; Question 50: A pharmaceutical lab hired a consultant to identify potentia...; Question 51: An external threat actor attacks public infrastructure provi...; Question 52: Which of the following items should be included when craftin...; Question 53: A company implemented a NIDS and a NIPS on the most critical...; Question 54: During an adversarial simulation exercise, an external team ...; Question 55: A company updates its cloud-based services by saving infrast...; Question 56: An auditor is reviewing the logs from a web application to d...; Question 57: A customer requires secure communication of subscribed web s...; Question 58: An endpoint security engineer finds that a newly acquired co...; Question 59: A company needs to define a new road map for improving secur...; Question 60: During a security review for the CI/CD process, a security e...; Question 61: A hospital provides tablets to its medical staff to enable t...; Question 62: A water treatment plant uses specialized systems to control ...; Question 63: A security engineer performed a code scan that resulted in m...; Question 64: A security configure is building a solution to disable weak ...; Question 65: A security architect wants to prevent security impacts from ...; Question 66: A company acquires a location with a large infrastructure of...; Question 67: Embedded malware has been discovered in a popular PDF reader...; Question 68: A security engineer needs 10 secure the OT environment based...; Question 69: An organization found a significant vulnerability associated...; Question 70: Which of the following utilizes policies that route packets ...; Question 71: A government agency implements a configuration that disables...; Question 72: An organization handles sensitive information that must be d...; Question 73: A security engineer would like to control configurations on ...; Question 74: A company is developing a new service product offering that ...; Question 75: A company that relies on an COL system must keep it operatin...; Question 76: A threat intelligence company's business objective is to all...; Question 77: An organization has noticed an increase in phishing campaign...; Question 78: A security engineer must integrate device attestation into u...; Question 79: A cyberanalyst has been tasked with recovering PDF files fro...; Question 80: A user tried to access a web page at http://10.1.1.1. Previo...; Question 81: A global organization is reviewing potential vendors to outs...; Question 82: An analyst reviews a SIEM and generates the following report...; Question 83: Which of the following are risks associated with vendor lock...; Question 84: A security analyst discovers a compromised internal server a...; Question 85: A company is migrating from a Windows Server to Linux-based ...; Question 86: A retail organization wants to properly test and verify its ...; Question 87: A security team is creating tickets to track the progress of...; Question 88: During a recent security event, access from the non-producti...; Question 89: A company reduced its staff 60 days ago, and applications ar...; Question 90: A security engineer receives reports through the organizatio...; Question 91: After a cybersecurity incident, a security analyst was able ...; Question 92: A company notices that cloud environment costs increased aft...; Question 93: Engineers are unable to control pumps at Site A from Site B ...; Question 94: A malware researcher has discovered a credential stealer is ...; Question 95: A hospital provides tablets to its medical staff to enable t...; Question 96: A security manager is creating a connection between two netw...; Question 97: A security engineer is troubleshooting an outage of a site-t...; Question 98: An organization determined its preparedness for a ransomware...; Question 99: To prevent data breaches, security leaders at a company deci...; Question 100: A Chief Information Security Officer is concerned about the ...; Question 101: A security engineer needs to remediate a SWEET32 vulnerabili...; Question 102: A company's Chief Information Security Officer learns that t...; Question 103: An organization recently migrated data to a new file managem...; Question 104: A company wants to modify its process to comply with privacy...; Question 105: A software developer is working on a piece of code required ...; Question 106: An organization decides to move to a distributed workforce m...; Question 107: An organization is prioritizing efforts to remediate or miti...; Question 108: Which of the following includes best practices for validatin...; Question 109: A Chief Information Security Officer (CISO) is concerned tha...; Question 110: A security engineer is implementing security measures on new...; Question 111: A senior cybersecurity engineer is solving a digital certifi...; Question 112: A company finds logs with modified time stamps when compared...; Question 113: Company A is merging with Company B. Company A is a small, l...; Question 114: During a periodic internal audit, a company identifies a few...; Question 115: A security architect for a global organization with a distri...; Question 116: A Chief Information Security Officer requests an action plan...; Question 117: A company hired an email service provider called my-email.co...; Question 118: A security architect examines a section of code and discover...; Question 119: A security architect discovers the following while reviewing...; Question 120: A security analyst is reviewing suspicious log-in activity a...; Question 121: Which of the following best describes the challenges associa...; Question 122: An engineer wants to automate several tasks by running comma...; Question 123: A security analyst collects the logs from the web server tha...; Question 124: An organization is looking to establish more robust security...; Question 125: A security architect must implement security controls in a s...; Question 126: SIMULATION A security engineer needs to review the configura...; Question 127: During a recent assessment, a security analyst observed the ...; Question 128: A security engineer is developing a solution to meet the fol...; Question 129: An organization has deployed a cloud-based application that ...; Question 130: A DNS forward lookup zone named comptia.org must: - Ensure t...; Question 131: The security team is receiving escalated support tickets sta...; Question 132: A systems administrator wants to introduce a newly released ...; Question 133: An organization hires a security consultant to establish a S...; Question 134: A security engineer is assessing a new tool to segment data ...; Question 135: A SIEM generated an alert after a third-party database admin...; Question 136: A compliance officer is reviewing the data sovereignty laws ...; Question 137: Which of the following best describes the reason a network a...; Question 138: Due to budget constraints, an organization created a policy ...; Question 139: A company wants to implement hardware security key authentic...; Question 140: Audit findings indicate several user endpoints are not utili...; Question 141: An organization that performs real-time financial processing...; Question 142: An organization is increasing its focus on training that add...; Question 143: A Chief Information Security Officer (CISO) is developing a ...; Question 144: A global company's Chief Financial Officer (CFO) receives a ...; Question 145: A security analyst notices a number of SIEM events that show...; Question 146: An audit finding reveals that a legacy platform has not reta...; Question 147: A company that provides services to clients who work with hi...; Question 148: A hospital's requirements for remote third-party monitoring ...; Question 149: A security analyst was monitoring the networks of a group of...; Question 150: Which of the following best describes the advantage of homom...; Question 151: An organization is developing an AI-enabled digital worker t...; Question 152: The information security manager at a 24-hour manufacturing ...; Question 153: A company's internal network is experiencing a security brea...; Question 154: A security team is responding to malicious activity and need...; Question 155: A security analyst wants to use lessons learned from a prior...; Question 156: A security engineer is developing a solution to meet the fol...; Question 157: A security engineer is given the following requirements: - A...; Question 158: A security audit of a company's application finds that custo...; Question 159: Which of the following security risks should be considered a...; Question 160: During a security assessment using an EDR solution, a securi...; Question 161: A building camera is remotely accessed and disabled from the...; Question 162: Employees use their badges to track the number of hours they...; Question 163: After an increase in adversarial activity, a company wants t...; Question 164: A company is decommissioning old servers and hard drives tha...; Question 165: A security analyst detects a possible RAT infection on a com...; Question 166: A company that provides kiosk workstations wants to improve ...; Question 167: A recent security audit identified multiple endpoints have t...; Question 168: SIMULATION An organization is planning for disaster recovery...; Question 169: An attacker infiltrated the code base of a hardware manufact...; Question 170: A company that uses several cloud applications wants to prop...; Question 171: A programmer is reviewing the following proprietary piece of...; Question 172: Due to reports of malware targeting companies in the same in...; Question 173: As part of a new software development method, a program mana...; Question 174: A systems administrator needs to address risks associated wi...; Question 175: After an organization met with its ISAC, the organization de...; Question 176: A security analyst is reviewing a SIEM and generates the fol...; Question 177: A company sells a security appliance assembled from globally...; Question 178: A pharmaceutical company acquired a growing startup. The pha...; Question 179: A systems administrator needs to identify new attacks that c...; Question 180: A security architect is implementing more restrictive polici...; Question 181: A security architect wants to ensure a remote host's identit...; Question 182: An enterprise is deploying APIs that utilize a private key a...; Question 183: A company is developing an application that will be used to ...; Question 184: Users are experiencing a variety of issues when trying to ac...; Question 185: Company A acquired Company B and needs to determine how the ...; Question 186: A security engineer wants to enhance the security posture of...; Question 187: A global company with a remote workforce implemented a new V...; Question 188: A vulnerability can on a web server identified the following...; Question 189: An incident response team completed recovery from offline ba...; Question 190: After a company discovered a zero-day vulnerability in its V...; Question 191: A security analyst wants to keep track of all outbound web c...; Question 192: The identity and access management team is sending logs to t...; Question 193: Developers have been creating and managing cryptographic mat...; Question 194: A game developer wants to reach new markets and is advised b...; Question 195: A compliance officer is facilitating a business impact analy...; Question 196: Which of the following best describes a risk associated with...; Question 197: A security manager at a local hospital wants to secure patie...; Question 198: Which of the following is the reason why security engineers ...; Question 199: A firewall administrator needs to ensure all traffic across ...; Question 200: A security architect performs a baseline review on the SIEM....; Question 201: The security team is looking into aggressive bot behavior th...; Question 202: After the latest risk assessment, the Chief Information Secu...; Question 203: The material findings from a recent compliance audit indicat...; Question 204: The results of an internal audit indicate several employees ...; Question 205: An organization is looking for gaps in its detection capabil...; Question 206: A technician is reviewing the logs and notices a large numbe...; Question 207: A security analyst is performing a review of a web applicati...; Question 208: After a vendor identified a recent vulnerability, a severity...; Question 209: A security analyst reviews network logs and notices a large ...; Question 210: A company receives several complaints from customers regardi...; Question 211: A security professional is investigating a trend in vulnerab...; Question 212: SIMULATION You are a security analyst tasked with interpreti...; Question 213: A security analyst detected unusual network traffic related ...; Question 214: While investigating an email server that crashed, an analyst...; Question 215: An organization wants to create a threat model to identity v...; Question 216: Which of the following key management practices ensures that...; Question 217: An organization with a remote workforce has a new client wit...; Question 218: To bring digital evidence in a court of law, the evidence mu...; Question 219: After an incident response exercise, a security administrato...; Question 220: A company moved its on-premises services to the cloud. Altho...; Question 221: A company that operates in different countries has local ema...; Question 222: A company recently acquired a SaaS company and performed a g...; Question 223: An organization has been using self-managed encryption keys ...

Question 200/223

LEAVE A REPLY

Download PDF File