SY0-501 Exam Dumps | A security analyst notices anomalous activity coming from several workstations in the organizations.

Home
CompTIA
CompTIA Security+ Certification Exam
CompTIA.SY0-501.v2018-08-14.q135
Question 28

Valid SY0-501 Dumps shared by ExamDiscuss.com for Helping Passing SY0-501 Exam! ExamDiscuss.com now offer the newest SY0-501 exam dumps, the ExamDiscuss.com SY0-501 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SY0-501 dumps with Test Engine here:

Access SY0-501 Dumps Premium Version
(715 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 28/135

A security analyst notices anomalous activity coming from several workstations in the organizations. Upon identifying and containing the issue, which of the following should the security analyst do NEXT?

A. Document findings and processes in the after-action and lessons learned report

B. Notify the IT department that the workstations are to be reimaged and the data restored for reuse

C. Document and lock the workstations in a secure area to establish chain of custody

D. Notify the IT department that the workstations may be reconnected to the network for the users to continue working

Correct Answer: A

Recent Comments (The most recent comments are at the top.)

Anonymous - Aug 15, 2020

Depends on the Recovery plan you are following:
1. Prepare
2. Identification
3. Containment
4. Recovery
5. After action reports/lessons learned.

Based on above, answer should be B re-image the computers.

Melvin Briggs - Feb 26, 2020

Containment and Recovery are both in same step - so next step is review lessons learned and and plan for evidence retention. So answer C, ACTUALLY retaining the evidence is wrong? In step 4 you are only PLANNING evidence retention.
1) Preparation – Planning in advance how to handle and prevent security incidents
2) Detection and Analysis – Encompasses everything from monitoring potential attack vectors, to looking for signs of an incident, to prioritization
3) Containment, Eradication, and Recovery – Developing a containment strategy, identifying and mitigating the hosts and systems under attack, and having a plan for recovery
4) Post-Incident Activity – Reviewing lessons learned and having a plan for evidence retention.
So in which step do you actually retain the evidence, not just PLAN to retain it?

Your email address will not be published. Required fields are marked *

Comment: *

Name: *

Email: *

Rating: *

Verification: *

Question List (135q): 1 commentQuestion 1: A network technician is setting up a segmented network that ...; 1 commentQuestion 2: A Chief Information Officer (CIO) drafts an agreement betwee...; Question 3: Which of the following are methods to implement HA in a web ...; Question 4: A dumpster diver recovers several hard drives from a company...; Question 5: An employee receives an email, which appears to be from the ...; Question 6: Which of the following occurs when the security of a web app...; Question 7: A company is developing a new system that will unlock a comp...; Question 8: Which of the following implements two-factor authentication?...; Question 9: After a user reports slow computer performance, a system adm...; Question 10: Although a web enabled application appears to only allow let...; Question 11: Which of the following can be provided to an AAA system for ...; Question 12: A security engineer is faced with competing requirements fro...; Question 13: A security administrator returning from a short vacation rec...; Question 14: An organization requires users to provide their fingerprints...; Question 15: While reviewing the monthly internet usage it is noted that ...; 1 commentQuestion 16: An administrator is replacing a wireless router. The configu...; Question 17: A wireless network uses a RADIUS server that is connected to...; Question 18: A director of IR is reviewing a report regarding several rec...; Question 19: A security administrator is creating a subnet on one of the ...; Question 20: Which of the following differentiates a collision attack fro...; Question 21: Which of the following are the MAIN reasons why a systems ad...; Question 22: An attacker discovers a new vulnerability in an enterprise a...; Question 23: A network administrator wants to ensure that users do not co...; Question 24: A new mobile application is being developed in-house. Securi...; Question 25: An analyst is reviewing a simple program for potential secur...; Question 26: Which of the following cryptography algorithms will produce ...; Question 27: A security analyst observes the following events in the logs...; 2 commentQuestion 28: A security analyst notices anomalous activity coming from se...; Question 29: The availability of a system has been labeled as the highest...; Question 30: A senior incident response manager receives a call about som...; Question 31: When trying to log onto a company's new ticketing system, so...; Question 32: A group of non-profit agencies wants to implement a cloud se...; Question 33: Malicious traffic from an internal network has been detected...; Question 34: An organization has hired a penetration tester to test the s...; Question 35: A security administrator is developing controls for creating...; Question 36: Users report the following message appears when browsing to ...; Question 37: An organization's internal auditor discovers that large sums...; Question 38: A mobile device user is concerned about geographic positioni...; Question 39: A web application is configured to target browsers and allow...; Question 40: Which of the following must be intact for evidence to be adm...; Question 41: A technician suspects that a system has been compromised. Th...; Question 42: Which of the following would MOST likely appear in an uncred...; Question 43: A security analyst accesses corporate web pages and inputs r...; Question 44: A network administrator wants to implement a method of secur...; Question 45: A company is using a mobile device deployment model in which...; Question 46: A user is presented with the following items during the new-...; Question 47: Which of the following cryptographic attacks would salting o...; Question 48: When identifying a company's most valuable assets as part of...; Question 49: A botnet has hit a popular website with a massive number of ...; Question 50: Company policy requires the use if passphrases instead if pa...; Question 51: An organization's primary datacenter is experiencing a two-d...; Question 52: After a merger between two companies a security analyst has ...; Question 53: A member of a digital forensics team, Joe arrives at a crime...; Question 54: A security analyst is hardening an authentication server. On...; Question 55: An incident responder receives a call from a user who report...; Question 56: A user of the wireless network is unable to gain access to t...; Question 57: After an identified security breach, an analyst is tasked to...; Question 58: An application developer is designing an application involvi...; Question 59: An application team is performing a load-balancing test for ...; Question 60: A portable data storage device has been determined to have m...; Question 61: Which of the following types of cloud infrastructures would ...; Question 62: A security administrator suspects a MITM attack aimed at imp...; Question 63: Adhering to a layered security approach, a controlled access...; Question 64: An information security specialist is reviewing the followin...; Question 65: A security analyst is investigating a suspected security bre...; Question 66: A user clicked an email link that led to a website than infe...; Question 67: When systems, hardware, or software are not supported by the...; Question 68: As part of the SDLC, a third party is hired to perform a pen...; Question 69: A manager suspects that an IT employee with elevated databas...; Question 70: A company is currently using the following configuration: IA...; Question 71: A new firewall has been places into service at an organizati...; Question 72: A security analyst wants to harden the company's VoIP PBX. T...; Question 73: A technician has installed new vulnerability scanner softwar...; Question 74: A bank requires tellers to get manager approval when a custo...; Question 75: A security administrator must implement a system to ensure t...; Question 76: Which of the following works by implanting software on syste...; Question 77: A system administrator wants to provide balance between the ...; Question 78: A company determines that it is prohibitively expensive to b...; Question 79: A security analyst has received the following alert snippet ...; Question 80: An auditor wants to test the security posture of an organiza...; Question 81: An organization's file server has been virtualized to reduce...; Question 82: An analyst wants to implement a more secure wireless authent...; Question 83: A penetration tester finds that a company's login credential...; Question 84: An organization is comparing and contrasting migration from ...; Question 85: Audit logs from a small company's vulnerability scanning sof...; Question 86: A company has a security policy that specifies all endpoint ...; Question 87: Technicians working with servers hosted at the company's dat...; Question 88: A security analyst is hardening a web server, which should a...; Question 89: A security administrator has been assigned to review the sec...; Question 90: A help desk is troubleshooting user reports that the corpora...; Question 91: A database backup schedule consists of weekly full backups p...; Question 92: A department head at a university resigned on the first day ...; Question 93: A company was recently audited by a third party. The audit r...; Question 94: Which of the following technologies employ the use of SAML? ...; Question 95: A security administrator has been tasked with improving the ...; Question 96: Which of the following security controls does an iris scanne...; Question 97: A company has three divisions, each with its own networks an...; Question 98: A manager wants to distribute a report to several other mana...; Question 99: A systems administrator is reviewing the following informati...; Question 100: A company's AUP requires: Passwords must meet complexity req...; Question 101: An organization needs to implement a large PKI. Network engi...; Question 102: Which of the following would meet the requirements for multi...; Question 103: A vulnerability scanner that uses its running service's acce...; Question 104: Joe, an employee, wants to show his colleagues how much he k...; Question 105: Which of the following network vulnerability scan indicators...; Question 106: After a routine audit, a company discovers that engineering ...; Question 107: Which of the following specifically describes the exploitati...; Question 108: Which of the following precautions MINIMIZES the risk from n...; Question 109: During a monthly vulnerability scan, a server was flagged fo...; Question 110: An auditor is reviewing the following output from a password...; Question 111: Which of the following should identify critical systems and ...; Question 112: A technician is configuring a wireless guest network. After ...; Question 113: The security administrator receives an email on a non-compan...; Question 114: A security administrator is trying to encrypt communication....; Question 115: An information security analyst needs to work with an employ...; Question 116: A company wants to host a publicity available server that pe...; Question 117: A security analyst reviews the following output: (Exhibit) T...; Question 118: A copy of a highly confidential salary report was recently f...; Question 119: A system administrator wants to provide for and enforce wire...; Question 120: When considering a third-party cloud service provider, which...; Question 121: An organization is using a tool to perform a source code rev...; Question 122: An administrator has concerns regarding the traveling sales ...; Question 123: Joe, a security administrator, needs to extend the organizat...; Question 124: During a routine audit, it is discovered that someone has be...; Question 125: Before an infection was detected, several of the infected de...; Question 126: In terms of encrypting data, which of the following is BEST ...; Question 127: An employer requires that employees use a key-generating app...; Question 128: A chief Financial Officer (CFO) has asked the Chief Informat...; Question 129: Which of the following encryption methods does PKI typically...; Question 130: An organization wishes to provide better security for its na...; Question 131: A company hires a consulting firm to crawl its Active Direct...; Question 132: Which of the following attack types BEST describes a client-...; Question 133: Two users need to send each other emails over unsecured chan...; Question 134: The Chief Security Officer (CISO) at a multinational banking...; Question 135: A security analyst is testing both Windows and Linux systems...

[×]

Download PDF File

Enter your email address to download CompTIA.SY0-501.v2018-08-14.q135.pdf

Email:

Disclaimer:
Freecram doesn't offer Real GIAC Exam Questions. Freecram doesn't offer Real SAP Exam Questions. Freecram doesn't offer Real (ISC)² Exam Questions. Freecram doesn't offer Real CompTIA Exam Questions. Freecram doesn't offer Real Microsoft Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Freecram material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation.
Freecram Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc.
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Freecram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Freecram does not own or claim any ownership on any of the brands.

Question 28/135

Recent Comments (The most recent comments are at the top.)

LEAVE A REPLY

Download PDF File