- Home
- CompTIA
- CompTIA Cybersecurity Analyst (CySA+) Certification Exam
- CuramSoftware.CS0-002.v2023-12-20.q153
- Question 135
Valid CS0-002 Dumps shared by ExamDiscuss.com for Helping Passing CS0-002 Exam! ExamDiscuss.com now offer the newest CS0-002 exam dumps, the ExamDiscuss.com CS0-002 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CS0-002 dumps with Test Engine here:
Access CS0-002 Dumps Premium Version
(371 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 135/153
During an incident investigation, a security analyst discovers the web server is generating an unusually high volume of logs The analyst observes the following response codes:
* 20% of the logs are 403
* 20% of the logs are 404
* 50% of the logs are 200
* 10% of the logs are other codes
The server generates 2MB of logs on a daily basis, and the current day log is over 200MB. Which of the following commands should the analyst use to identify the source of the activity?
* 20% of the logs are 403
* 20% of the logs are 404
* 50% of the logs are 200
* 10% of the logs are other codes
The server generates 2MB of logs on a daily basis, and the current day log is over 200MB. Which of the following commands should the analyst use to identify the source of the activity?
Correct Answer: B
Requests sent from the same IP address using different user agents are likely to be malicious or suspicious, as they indicate that an attacker is trying to evade detection or bypass security controls by changing their browser or device identification. These requests may indicate that an attacker is using automated tools or scripts to scan or attack the web server.
Requests identified by a threat intelligence service with a bad reputation are also likely to be malicious or suspicious, but they are not the source of the activity, as they originate from different IP addresses. These requests may indicate that an attacker is trying to exploit a vulnerability or perform reconnaissance on the web server.
Requests blocked by the web server per the input sanitization are not likely to be the source of the activity, as they indicate that the web server has successfully prevented an attack by validating and filtering any malicious input from the requests. These requests may indicate that an attacker is trying to inject malicious code or commands into the web server.
Failed log-in attempts against the web application are not likely to be the source of the activity, as they indicate that the web application has successfully prevented unauthorized access by verifying and rejecting any invalid credentials from the requests. These requests may indicate that an attacker is trying to guess or brute-force passwords or usernames for the web application.
Requests sent by NICs with outdated firmware are not likely to be the source of the activity, as they indicate that some devices on the network have not been updated with the latest security patches or features for their network interface cards (NICs). These requests may indicate that some devices are vulnerable to network attacks or have performance issues.
Existence of HTTP/501 status codes generated to the same IP address are not likely to be the source of the activity, as they indicate that the web server has encountered an error or does not support a request method from the client. These requests may indicate that an attacker is trying to use an invalid or unsupported method to access the web server.
Requests identified by a threat intelligence service with a bad reputation are also likely to be malicious or suspicious, but they are not the source of the activity, as they originate from different IP addresses. These requests may indicate that an attacker is trying to exploit a vulnerability or perform reconnaissance on the web server.
Requests blocked by the web server per the input sanitization are not likely to be the source of the activity, as they indicate that the web server has successfully prevented an attack by validating and filtering any malicious input from the requests. These requests may indicate that an attacker is trying to inject malicious code or commands into the web server.
Failed log-in attempts against the web application are not likely to be the source of the activity, as they indicate that the web application has successfully prevented unauthorized access by verifying and rejecting any invalid credentials from the requests. These requests may indicate that an attacker is trying to guess or brute-force passwords or usernames for the web application.
Requests sent by NICs with outdated firmware are not likely to be the source of the activity, as they indicate that some devices on the network have not been updated with the latest security patches or features for their network interface cards (NICs). These requests may indicate that some devices are vulnerable to network attacks or have performance issues.
Existence of HTTP/501 status codes generated to the same IP address are not likely to be the source of the activity, as they indicate that the web server has encountered an error or does not support a request method from the client. These requests may indicate that an attacker is trying to use an invalid or unsupported method to access the web server.
- Question List (153q)
- Question 1: A routine vulnerability scan detected a known vulnerability ...
- Question 2: A security analyst needs to provide the development team wit...
- Question 3: While reviewing system logs, a network administrator discove...
- Question 4: During an audit several customer order forms were found to c...
- Question 5: An organization announces that all employees will need to wo...
- Question 6: Which of the following attack techniques has the GREATEST li...
- Question 7: An organization prohibits users from logging in to the admin...
- Question 8: During an incident response procedure, a security analyst ac...
- Question 9: An analyst is responding to an incident within a cloud infra...
- Question 10: A cybersecunty analyst needs to harden a server that is curr...
- Question 11: A customer notifies a security analyst that a web applicatio...
- Question 12: An analyst needs to provide recommendations based on a recen...
- Question 13: Forming a hypothesis, looking for indicators of compromise, ...
- Question 14: An analyst reviews the most recent vulnerability management ...
- Question 15: After examining a header and footer file, a security analyst...
- Question 16: A user reports a malware alert to the help desk. A technicia...
- Question 17: A security analyst is reviewing the following server statist...
- Question 18: Which of the following data exfiltration discoveries would m...
- Question 19: The incident response team is working with a third-party for...
- Question 20: Which of the following factors would determine the regulatio...
- Question 21: A technician working at company.com received the following e...
- Question 22: Wncn ol the following provides an automated approach 10 chec...
- Question 23: An online gaming company was impacted by a ransomware attack...
- Question 24: Which of the following is MOST dangerous to the client envir...
- Question 25: A security analyst wants to capture large amounts of network...
- Question 26: During the onboarding process for a new vendor, a security a...
- Question 27: An analyst is responding 10 an incident involving an attack ...
- Question 28: A manager asks a security analyst lo provide the web-browsin...
- Question 29: An information security analyst is compiling data from a rec...
- Question 30: A cyber-security analyst is implementing a new network confi...
- Question 31: Company A is m the process of merging with Company B As part...
- Question 32: To prioritize the morning's work, an analyst is reviewing se...
- Question 33: A company wants to run a leaner team and needs to deploy a t...
- Question 34: A security analyst reviews the following post-incident infor...
- Question 35: A security analyst is investigate an no client related to an...
- Question 36: Which of the following describes the difference between inte...
- Question 37: A security analyst is concerned the number of security incid...
- Question 38: An analyst determines a security incident has occurred Which...
- Question 39: A product manager is working with an analyst to design a new...
- Question 40: A new variant of malware is spreading on the company network...
- Question 41: A security analyst is performing a Diamond Model analysis of...
- Question 42: An email analysis system notifies a security analyst that th...
- Question 43: Which of the following is the best method to review and asse...
- Question 44: Legacy medical equipment, which contains sensitive data, can...
- Question 45: A company needs to expand Its development group due to an in...
- Question 46: A business recently acquired a software company. The softwar...
- Question 47: A financial organization has offices located globally. Per t...
- Question 48: Which of the following is the BEST option to protect a web a...
- Question 49: Which of the following is the most effective approach to min...
- Question 50: A vulnerability assessment solution is hosted in the cloud T...
- Question 51: An incident response team is responding to a breach of multi...
- Question 52: A forensic analyst is conducting an investigation on a compr...
- Question 53: An organization recently discovered that spreadsheet files c...
- Question 54: While reviewing a vulnerability assessment, an analyst notic...
- Question 55: An organization has the following risk mitigation policies *...
- Question 56: A security analyst is reviewing a firewall usage report that...
- Question 57: A security analyst discovers suspicious activity going to a ...
- Question 58: A security analyst notices the following entry while reviewi...
- Question 59: Which of the following is the best reason why organizations ...
- Question 60: A security analyst is reviewing the following Internet usage...
- Question 61: During an Incident, it Is determined that a customer databas...
- Question 62: Given the output below: #nmap 7.70 scan initiated Tues, Feb ...
- Question 63: A team of network security analysts is examining network tra...
- Question 64: A consultant evaluating multiple threat intelligence leads t...
- Question 65: An organization has a strict policy that if elevated permiss...
- Question 66: An employee observes degraded system performance on a Window...
- Question 67: A digital forensics investigator works from duplicate images...
- Question 68: Which of the following APT adversary archetypes represent no...
- Question 69: A new prototype for a company's flagship product was leaked ...
- Question 70: Which of the following organizational initiatives would be M...
- Question 71: After a remote command execution incident occurred on a web ...
- Question 72: Which of the following is an advantage of continuous monitor...
- Question 73: A security analyst discovers the company's website is vulner...
- Question 74: A security administrator needs to provide access from partne...
- Question 75: A security team has begun updating the risk management plan,...
- Question 76: A company has a cluster of web servers that is critical to t...
- Question 77: A security analyst performs various types of vulnerability s...
- Question 78: A security analyst is investigating a compromised Linux serv...
- Question 79: An organization has the following policy statements: * AlI e...
- Question 80: A company's threat team has been reviewing recent security i...
- Question 81: A security analyst performs a weekly vulnerability scan on a...
- Question 82: A security analyst is reviewing a new Internet portal that w...
- Question 83: An analyst Is reviewing a web developer's workstation for po...
- Question 84: A cybersecurity analyst is concerned about attacks that use ...
- Question 85: An organization wants to implement a privileged access manag...
- Question 86: Which of the following is the greatest security concern rega...
- Question 87: An IT security analyst has received an email alert regarding...
- Question 88: Which of the following incident response components can iden...
- Question 89: Which of the following activities is designed to handle a co...
- Question 90: A security analyst is researching ways to improve the securi...
- Question 91: Which of the following is a difference between SOAR and SCAP...
- Question 92: A security analyst responds to a series of events surroundin...
- Question 93: An organization wants to move non-essential services into a ...
- Question 94: A security analyst is logged on to a jump server to audit th...
- Question 95: Which of the following is the primary reason financial insti...
- Question 96: A security analyst identified one server that was compromise...
- Question 97: Which of the following can detect vulnerable third-parly lib...
- Question 98: An organization has the following vulnerability remediation ...
- Question 99: A security officer needs to find the most cost-effective sol...
- Question 100: A company's application development has been outsourced to a...
- Question 101: A security analyst is reviewing the following log entries to...
- Question 102: Which of the following is the software development process b...
- Question 103: A company wants to configure the environment to allow passiv...
- Question 104: An organization has the following risk mitigation policy: Ri...
- Question 105: An organization discovers motherboards within the environmen...
- Question 106: A security analyst identified some potentially malicious pro...
- Question 107: During the threat modeling process for a new application tha...
- Question 108: Which of the following lines from this output most likely in...
- Question 109: A company's blocklist has outgrown the current technologies ...
- Question 110: A company offers a hardware security appliance to customers ...
- Question 111: Which of the following software assessment methods world pea...
- Question 112: A security analyst is monitoring a company's network traffic...
- Question 113: An online gaming company was impacted by a ransomware attack...
- Question 114: A security analyst found an old version of OpenSSH running o...
- Question 115: A developer is working on a program to convert user-generate...
- Question 116: White reviewing incident reports from the previous night, a ...
- Question 117: An organization is experiencing security incidents in which ...
- Question 118: A company wants to ensure confidential data from its storage...
- Question 119: Which of the following is the BEST way to gather patch infor...
- Question 120: Some hard disks need to be taken as evidence for further ana...
- Question 121: Which of the following SCAP standards provides standardizati...
- Question 122: During a review of recent network traffic, an analyst realiz...
- Question 123: Which of the following is the most important reason to invol...
- Question 124: An application must pass a vulnerability assessment to move ...
- Question 125: As part of the senior leadership team's ongoing nsk manageme...
- Question 126: During routine monitoring a security analyst identified the ...
- Question 127: A company is aiming to test a new incident response plan. Th...
- Question 128: A security analyst is reviewing malware files without runnin...
- Question 129: A company creates digitally signed packages for its devices....
- Question 130: A security analyst is trying to track physical locations of ...
- Question 131: A security analyst is looking at the headers of a few emails...
- Question 132: At which of the following phases of the SDLC shoukJ security...
- Question 133: A security analyst is reviewing WAF alerts and sees the foll...
- Question 134: A security team has begun updating the risk management plan ...
- Question 135: During an incident investigation, a security analyst discove...
- Question 136: A company's legal department is concerned that its incident ...
- Question 137: An organization has a policy that requires servers to be ded...
- Question 138: According to a static analysis report for a web application,...
- Question 139: A Chief Information Security Officer (CISO) is concerned abo...
- Question 140: An organization implemented an extensive firewall access-con...
- Question 141: A security analyst is reviewing the following DNS logs as pa...
- Question 142: During a company's most recent incident, a vulnerability in ...
- Question 143: A social media company is planning an acquisition. Prior to ...
- Question 144: A company's security team recently discovered a number of wo...
- Question 145: During an incident response procedure, a security analyst co...
- Question 146: An organization is developing software to match customers' e...
- Question 147: Which of the following should a database administrator for a...
- Question 148: A company has alerted planning the implemented a vulnerabili...
- Question 149: An internally developed file-monitoring system identified th...
- Question 150: A security analyst is scanning the network to determine if a...
- Question 151: In web application scanning, static analysis refers to scann...
- Question 152: A security analyst is investigating an active threat of the ...
- Question 153: Which of the following solutions is the BEST method to preve...
[×]
Download PDF File
Enter your email address to download CuramSoftware.CS0-002.v2023-12-20.q153.pdf