- Home
- CompTIA
- CompTIA Cybersecurity Analyst (CySA+) Certification Exam
- CuramSoftware.CS0-002.v2023-12-20.q153
- Question 7
Valid CS0-002 Dumps shared by ExamDiscuss.com for Helping Passing CS0-002 Exam! ExamDiscuss.com now offer the newest CS0-002 exam dumps, the ExamDiscuss.com CS0-002 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CS0-002 dumps with Test Engine here:
Access CS0-002 Dumps Premium Version
(371 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 7/153
An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions. the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
* Successful administrator login reporting priority - high
* Failed administrator login reporting priority - medium
* Failed temporary elevated permissions - low
* Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following:
Which of the following events is the HIGHEST reporting priority?
* Successful administrator login reporting priority - high
* Failed administrator login reporting priority - medium
* Failed temporary elevated permissions - low
* Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following:
Which of the following events is the HIGHEST reporting priority?
Correct Answer: A
Option A shows a successful administrator login from an IP address that is not part of the organization's network. This is a high reporting priority event, because it violates the organization's policy that prohibits users from logging in to the administrator account and it could indicate a compromise of the administrator credentials or a malicious insider. Option B shows a failed administrator login from an IP address that is part of the organization's network. This is a medium reporting priority event, because it could indicate an unauthorized attempt to access the administrator account. Option C shows a failed temporary elevated permission request from a user account that is part of the organization's network. This is a low reporting priority event, because it could indicate a user error or a legitimate need for elevated permission that was denied. Option D shows a successful temporary elevated permission request from a user account that is part of the organization's network. This is a non-reportable event, because it complies with the organization's policy that allows users to escalate permission only as needed and on a temporary basis. Reference: https://www.sans.org/reading-room/whitepapers/logging/detecting-attacks-systems-microsoft-windows-event-logs-2074
- Question List (153q)
- Question 1: A routine vulnerability scan detected a known vulnerability ...
- Question 2: A security analyst needs to provide the development team wit...
- Question 3: While reviewing system logs, a network administrator discove...
- Question 4: During an audit several customer order forms were found to c...
- Question 5: An organization announces that all employees will need to wo...
- Question 6: Which of the following attack techniques has the GREATEST li...
- Question 7: An organization prohibits users from logging in to the admin...
- Question 8: During an incident response procedure, a security analyst ac...
- Question 9: An analyst is responding to an incident within a cloud infra...
- Question 10: A cybersecunty analyst needs to harden a server that is curr...
- Question 11: A customer notifies a security analyst that a web applicatio...
- Question 12: An analyst needs to provide recommendations based on a recen...
- Question 13: Forming a hypothesis, looking for indicators of compromise, ...
- Question 14: An analyst reviews the most recent vulnerability management ...
- Question 15: After examining a header and footer file, a security analyst...
- Question 16: A user reports a malware alert to the help desk. A technicia...
- Question 17: A security analyst is reviewing the following server statist...
- Question 18: Which of the following data exfiltration discoveries would m...
- Question 19: The incident response team is working with a third-party for...
- Question 20: Which of the following factors would determine the regulatio...
- Question 21: A technician working at company.com received the following e...
- Question 22: Wncn ol the following provides an automated approach 10 chec...
- Question 23: An online gaming company was impacted by a ransomware attack...
- Question 24: Which of the following is MOST dangerous to the client envir...
- Question 25: A security analyst wants to capture large amounts of network...
- Question 26: During the onboarding process for a new vendor, a security a...
- Question 27: An analyst is responding 10 an incident involving an attack ...
- Question 28: A manager asks a security analyst lo provide the web-browsin...
- Question 29: An information security analyst is compiling data from a rec...
- Question 30: A cyber-security analyst is implementing a new network confi...
- Question 31: Company A is m the process of merging with Company B As part...
- Question 32: To prioritize the morning's work, an analyst is reviewing se...
- Question 33: A company wants to run a leaner team and needs to deploy a t...
- Question 34: A security analyst reviews the following post-incident infor...
- Question 35: A security analyst is investigate an no client related to an...
- Question 36: Which of the following describes the difference between inte...
- Question 37: A security analyst is concerned the number of security incid...
- Question 38: An analyst determines a security incident has occurred Which...
- Question 39: A product manager is working with an analyst to design a new...
- Question 40: A new variant of malware is spreading on the company network...
- Question 41: A security analyst is performing a Diamond Model analysis of...
- Question 42: An email analysis system notifies a security analyst that th...
- Question 43: Which of the following is the best method to review and asse...
- Question 44: Legacy medical equipment, which contains sensitive data, can...
- Question 45: A company needs to expand Its development group due to an in...
- Question 46: A business recently acquired a software company. The softwar...
- Question 47: A financial organization has offices located globally. Per t...
- Question 48: Which of the following is the BEST option to protect a web a...
- Question 49: Which of the following is the most effective approach to min...
- Question 50: A vulnerability assessment solution is hosted in the cloud T...
- Question 51: An incident response team is responding to a breach of multi...
- Question 52: A forensic analyst is conducting an investigation on a compr...
- Question 53: An organization recently discovered that spreadsheet files c...
- Question 54: While reviewing a vulnerability assessment, an analyst notic...
- Question 55: An organization has the following risk mitigation policies *...
- Question 56: A security analyst is reviewing a firewall usage report that...
- Question 57: A security analyst discovers suspicious activity going to a ...
- Question 58: A security analyst notices the following entry while reviewi...
- Question 59: Which of the following is the best reason why organizations ...
- Question 60: A security analyst is reviewing the following Internet usage...
- Question 61: During an Incident, it Is determined that a customer databas...
- Question 62: Given the output below: #nmap 7.70 scan initiated Tues, Feb ...
- Question 63: A team of network security analysts is examining network tra...
- Question 64: A consultant evaluating multiple threat intelligence leads t...
- Question 65: An organization has a strict policy that if elevated permiss...
- Question 66: An employee observes degraded system performance on a Window...
- Question 67: A digital forensics investigator works from duplicate images...
- Question 68: Which of the following APT adversary archetypes represent no...
- Question 69: A new prototype for a company's flagship product was leaked ...
- Question 70: Which of the following organizational initiatives would be M...
- Question 71: After a remote command execution incident occurred on a web ...
- Question 72: Which of the following is an advantage of continuous monitor...
- Question 73: A security analyst discovers the company's website is vulner...
- Question 74: A security administrator needs to provide access from partne...
- Question 75: A security team has begun updating the risk management plan,...
- Question 76: A company has a cluster of web servers that is critical to t...
- Question 77: A security analyst performs various types of vulnerability s...
- Question 78: A security analyst is investigating a compromised Linux serv...
- Question 79: An organization has the following policy statements: * AlI e...
- Question 80: A company's threat team has been reviewing recent security i...
- Question 81: A security analyst performs a weekly vulnerability scan on a...
- Question 82: A security analyst is reviewing a new Internet portal that w...
- Question 83: An analyst Is reviewing a web developer's workstation for po...
- Question 84: A cybersecurity analyst is concerned about attacks that use ...
- Question 85: An organization wants to implement a privileged access manag...
- Question 86: Which of the following is the greatest security concern rega...
- Question 87: An IT security analyst has received an email alert regarding...
- Question 88: Which of the following incident response components can iden...
- Question 89: Which of the following activities is designed to handle a co...
- Question 90: A security analyst is researching ways to improve the securi...
- Question 91: Which of the following is a difference between SOAR and SCAP...
- Question 92: A security analyst responds to a series of events surroundin...
- Question 93: An organization wants to move non-essential services into a ...
- Question 94: A security analyst is logged on to a jump server to audit th...
- Question 95: Which of the following is the primary reason financial insti...
- Question 96: A security analyst identified one server that was compromise...
- Question 97: Which of the following can detect vulnerable third-parly lib...
- Question 98: An organization has the following vulnerability remediation ...
- Question 99: A security officer needs to find the most cost-effective sol...
- Question 100: A company's application development has been outsourced to a...
- Question 101: A security analyst is reviewing the following log entries to...
- Question 102: Which of the following is the software development process b...
- Question 103: A company wants to configure the environment to allow passiv...
- Question 104: An organization has the following risk mitigation policy: Ri...
- Question 105: An organization discovers motherboards within the environmen...
- Question 106: A security analyst identified some potentially malicious pro...
- Question 107: During the threat modeling process for a new application tha...
- Question 108: Which of the following lines from this output most likely in...
- Question 109: A company's blocklist has outgrown the current technologies ...
- Question 110: A company offers a hardware security appliance to customers ...
- Question 111: Which of the following software assessment methods world pea...
- Question 112: A security analyst is monitoring a company's network traffic...
- Question 113: An online gaming company was impacted by a ransomware attack...
- Question 114: A security analyst found an old version of OpenSSH running o...
- Question 115: A developer is working on a program to convert user-generate...
- Question 116: White reviewing incident reports from the previous night, a ...
- Question 117: An organization is experiencing security incidents in which ...
- Question 118: A company wants to ensure confidential data from its storage...
- Question 119: Which of the following is the BEST way to gather patch infor...
- Question 120: Some hard disks need to be taken as evidence for further ana...
- Question 121: Which of the following SCAP standards provides standardizati...
- Question 122: During a review of recent network traffic, an analyst realiz...
- Question 123: Which of the following is the most important reason to invol...
- Question 124: An application must pass a vulnerability assessment to move ...
- Question 125: As part of the senior leadership team's ongoing nsk manageme...
- Question 126: During routine monitoring a security analyst identified the ...
- Question 127: A company is aiming to test a new incident response plan. Th...
- Question 128: A security analyst is reviewing malware files without runnin...
- Question 129: A company creates digitally signed packages for its devices....
- Question 130: A security analyst is trying to track physical locations of ...
- Question 131: A security analyst is looking at the headers of a few emails...
- Question 132: At which of the following phases of the SDLC shoukJ security...
- Question 133: A security analyst is reviewing WAF alerts and sees the foll...
- Question 134: A security team has begun updating the risk management plan ...
- Question 135: During an incident investigation, a security analyst discove...
- Question 136: A company's legal department is concerned that its incident ...
- Question 137: An organization has a policy that requires servers to be ded...
- Question 138: According to a static analysis report for a web application,...
- Question 139: A Chief Information Security Officer (CISO) is concerned abo...
- Question 140: An organization implemented an extensive firewall access-con...
- Question 141: A security analyst is reviewing the following DNS logs as pa...
- Question 142: During a company's most recent incident, a vulnerability in ...
- Question 143: A social media company is planning an acquisition. Prior to ...
- Question 144: A company's security team recently discovered a number of wo...
- Question 145: During an incident response procedure, a security analyst co...
- Question 146: An organization is developing software to match customers' e...
- Question 147: Which of the following should a database administrator for a...
- Question 148: A company has alerted planning the implemented a vulnerabili...
- Question 149: An internally developed file-monitoring system identified th...
- Question 150: A security analyst is scanning the network to determine if a...
- Question 151: In web application scanning, static analysis refers to scann...
- Question 152: A security analyst is investigating an active threat of the ...
- Question 153: Which of the following solutions is the BEST method to preve...
[×]
Download PDF File
Enter your email address to download CuramSoftware.CS0-002.v2023-12-20.q153.pdf