- Home
- Curam Software
- CompTIA Cybersecurity Analyst (CySA+) Certification Exam
- CuramSoftware.CS0-003.v2024-09-09.q165
- Question 152
Valid CS0-003 Dumps shared by ExamDiscuss.com for Helping Passing CS0-003 Exam! ExamDiscuss.com now offer the newest CS0-003 exam dumps, the ExamDiscuss.com CS0-003 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CS0-003 dumps with Test Engine here:
Access CS0-003 Dumps Premium Version
(622 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 152/165
During an incident, a security analyst discovers a large amount of Pll has been emailed externally from an employee to a public email address. The analyst finds that the external email is the employee's personal email. Which of the following should the analyst recommend be done first?
Correct Answer: A
Placing a legal hold on the employee's mailbox is the best action to perform first, as it preserves all mailbox content, including deleted items and original versions of modified items, for potential legal or forensic purposes. A legal hold is a feature that allows an administrator to retain mailbox data for a user indefinitely or for a specified period, regardless of the user's actions or retention policies. A legal hold can be applied to a mailbox using Litigation Hold or In-Place Hold in Exchange Server or Exchange Online. A legal hold can help to ensure that evidence of data exfiltration or other malicious activities is not lost or tampered with, and that the organization can comply with any legal or regulatory obligations. The other actions are not as urgent or effective as placing a legal hold on the employee's mailbox, as they do not address the immediate threat of data loss or compromise. Enabling filtering on the web proxy may help to prevent some types of data exfiltration or malicious traffic, but it does not help to recover or preserve the data that has already been emailed externally. Disabling the public email access with CASB (Cloud Access Security Broker) may help to block or monitor the use of public email services by employees, but it does not help to recover or preserve the data that has already been emailed externally.
Configuring a deny rule on the firewall may help to block or monitor the network traffic from the employee's laptop, but it does not help to recover or preserve the data that has already been emailed externally.
Configuring a deny rule on the firewall may help to block or monitor the network traffic from the employee's laptop, but it does not help to recover or preserve the data that has already been emailed externally.
- Question List (165q)
- Question 1: An incident response team is working with law enforcement to...
- Question 2: While reviewing web server logs, a security analyst found th...
- Question 3: A web application team notifies a SOC analyst that there are...
- Question 4: Which of the following threat-modeling procedures is in the ...
- Question 5: An organization's email account was compromised by a bad act...
- Question 6: A company has decided to expose several systems to the inter...
- Question 7: A company uses an FTP server to support its critical busines...
- Question 8: A security analyst scans a host and generates the following ...
- Question 9: An analyst finds that an IP address outside of the company n...
- Question 10: An employee downloads a freeware program to change the deskt...
- Question 11: A threat hurting team received a new loC from an ISAC that f...
- Question 12: A security analyst is trying to validate the results of a we...
- Question 13: An analyst is reviewing the following output as part of an i...
- Question 14: A security alert was triggered when an end user tried to acc...
- Question 15: An incident response team member is triaging a Linux server....
- Question 16: An organization needs to bring in data collection and aggreg...
- Question 17: Which of the following best describes the goal of a disaster...
- Question 18: A security analyst is writing a shell script to identify IP ...
- Question 19: Which of the following is a useful tool for mapping, trackin...
- Question 20: A security analyst must preserve a system hard drive that wa...
- Question 21: A software developer is correcting the error-handling capabi...
- Question 22: During a scan of a web server in the perimeter network, a vu...
- Question 23: The Chief Information Security Officer (CISO) of a large fin...
- Question 24: A security analyst recently joined the team and is trying to...
- Question 25: A security analyst is reviewing the following alert that was...
- Question 26: A security analyst found an old version of OpenSSH running o...
- Question 27: A security analyst discovers an ongoing ransomware attack wh...
- Question 28: A company's domain has been spooled in numerous phishing cam...
- Question 29: Due to reports of unauthorized activity that was occurring o...
- Question 30: A security analyst has found the following suspicious DNS tr...
- Question 31: Hotspot Question A security analyst performs various types o...
- Question 32: An employee accessed a website that caused a device to becom...
- Question 33: An analyst is becoming overwhelmed with the number of events...
- Question 34: A security analyst is trying to identify anomalies on the ne...
- Question 35: The management team requests monthly KPI reports on the comp...
- Question 36: An analyst has received an IPS event notification from the S...
- Question 37: Chief Information Security Officer (CISO) wants to disable a...
- Question 38: A cybersecurity analyst notices unusual network scanning act...
- Question 39: A SOC manager receives a phone call from an upset customer. ...
- Question 40: Which of the following is a nation-state actor least likely ...
- Question 41: A security analyst needs to ensure that systems across the o...
- Question 42: Which of the following best describes the threat concept in ...
- Question 43: An IT security analyst has received an email alert regarding...
- Question 44: An organization's threat intelligence team notes a recent tr...
- Question 45: Which of the following are the MOST likely reasons lo includ...
- Question 46: A security team conducts a lessons-learned meeting after str...
- Question 47: The SOC received a threat intelligence notification indicati...
- Question 48: A security analyst discovers suspicious host activity while ...
- Question 49: An analyst is examining events in multiple systems but is ha...
- Question 50: An email hosting provider added a new data center with new p...
- Question 51: While implementing a PKI for a company, a security analyst p...
- Question 52: Which of the following is the software development process b...
- Question 53: SIMULATION You are a penetration tester who is reviewing the...
- Question 54: The email system administrator for an organization configure...
- Question 55: Which of the following will most likely ensure that mission-...
- Question 56: A security analyst obtained the following table of results f...
- Question 57: A security analyst is working on a server patch management p...
- Question 58: A small company does not have enough staff to effectively se...
- Question 59: A security analyst is reviewing the findings of the latest v...
- Question 60: An older CVE with a vulnerability score of 7.1 was elevated ...
- Question 61: An organization's internal department frequently uses a clou...
- Question 62: A technician is analyzing output from a popular network mapp...
- Question 63: Two employees in the finance department installed a freeware...
- Question 64: An analyst is responding to an incident involving an attack ...
- Question 65: An organization discovered a data breach that resulted in PI...
- Question 66: A security analyst is concerned the number of security incid...
- Question 67: An end-of-life date was announced for a widely used OS. A bu...
- Question 68: A security analyst is reviewing a firewall usage report that...
- Question 69: Which of the following can be used to learn more about TTPs ...
- Question 70: A security analyst has prepared a vulnerability scan that co...
- Question 71: During a review of recent network traffic, an analyst realiz...
- Question 72: Which of the following would help an analyst to quickly find...
- Question 73: A Chief Information Security Officer has asked for a list of...
- Question 74: A company's user accounts have been compromised. Users are a...
- Question 75: Which of the following is the first step that should be perf...
- Question 76: Which of the following, BEST explains the function of TPM?...
- Question 77: An incident response team finished responding to a significa...
- Question 78: A security analyst has received an incident case regarding m...
- Question 79: An analyst discovers unusual outbound connections to an IP t...
- Question 80: Which of the following best describes the process of requiri...
- Question 81: The analyst reviews the following endpoint log entry: (Exhib...
- Question 82: In SIEM software, a security analysis selected some changes ...
- Question 83: A Chief Information Security Officer wants to implement secu...
- Question 84: A cybersecurity team lead is developing metrics to present i...
- Question 85: Company A is in the process of merging with Company B. As pa...
- Question 86: An analyst is remediating items associated with a recent inc...
- Question 87: The Chief Executive Officer of an organization recently hear...
- Question 88: A security analyst is reviewing the output of tcpdump to ana...
- Question 89: A company's legal and accounting teams have decided it would...
- Question 90: A network analyst notices a long spike in traffic on port 14...
- Question 91: A security learn implemented a SCM as part for its security-...
- Question 92: A security analyst needs to mitigate a known, exploited vuln...
- Question 93: A team of analysts is developing a new internal system that ...
- Question 94: A company that has a geographically diverse workforce and dy...
- Question 95: Which of the following BEST describes HSM?...
- Question 96: A security analyst needs to provide the development team wit...
- Question 97: A Chief Information Security Officer has outlined several re...
- Question 98: An MSSP received several alerts from customer 1, which cause...
- Question 99: An analyst is reviewing a vulnerability report and must make...
- Question 100: Which of the following BEST identifies the appropriate use o...
- Question 101: A new zero-day vulnerability was released. A security analys...
- Question 102: A web developer reports the following error that appeared on...
- Question 103: Which of the following is a difference between SOAR and SCAP...
- Question 104: An employee is no longer able to log in to an account after ...
- Question 105: Some hard disks need to be taken as evidence for further ana...
- Question 106: The security team reviews a web server for XSS and runs the ...
- Question 107: A company offers a hardware security appliance to customers ...
- Question 108: A company is deploying new vulnerability scanning software t...
- Question 109: An organization wants to implement a privileged access manag...
- Question 110: A developer is working on a program to convert user-generate...
- Question 111: A company receives a penetration test report summary from a ...
- Question 112: Security analysts review logs on multiple servers on a daily...
- Question 113: Which of the following APT adversary archetypes represent no...
- Question 114: An incident response analyst is taking over an investigation...
- Question 115: An organization receives a legal hold request from an attorn...
- Question 116: Which of the following is MOST important when developing a t...
- Question 117: An incident response team detected malicious software that c...
- Question 118: The Chief Information Security Officer for an organization r...
- Question 119: Which of the following security operations tasks are ideal f...
- Question 120: Which of the following should be updated after a lessons-lea...
- Question 121: Several vulnerability scan reports have indicated runtime er...
- Question 122: A security administrator has been notified by the IT operati...
- Question 123: While reviewing web server logs, a security analyst discover...
- Question 124: A cybersecurity analyst needs to harden a server that is cur...
- Question 125: Which of the following stakeholders are most likely to recei...
- Question 126: During the log analysis phase, the following suspicious comm...
- Question 127: The security team at a company, which was a recent target of...
- Question 128: While conducting a cloud assessment, a security analyst perf...
- Question 129: A vulnerability management team is unable to patch all vulne...
- Question 130: A company is in the process of implementing a vulnerability ...
- Question 131: Which of the following describes the best reason for conduct...
- Question 132: A Chief Information Security Officer (CISO) is concerned tha...
- Question 133: Which of following would best mitigate the effects of a new ...
- Question 134: A SOC analyst is analyzing traffic on a network and notices ...
- Question 135: A security analyst observed the following activities in chro...
- Question 136: A consultant evaluating multiple threat intelligence leads t...
- Question 137: An organization has the following policy statements: - AlI e...
- Question 138: A laptop that is company owned and managed is suspected to h...
- Question 139: A vulnerability analyst received a list of system vulnerabil...
- Question 140: Forming a hypothesis, looking for indicators of compromise, ...
- Question 141: Which of the following does "federation" most likely refer t...
- Question 142: Which of the following BEST describes what an organizations ...
- Question 143: An incident response analyst is investigating the root cause...
- Question 144: A company is implementing a vulnerability management program...
- Question 145: A security program was able to achieve a 30% improvement in ...
- Question 146: A security analyst discovers an LFI vulnerability that can b...
- Question 147: A security analyst is trying to identify possible network ad...
- Question 148: A company has the following security requirements: - No publ...
- Question 149: After reviewing the final report for a penetration test, a c...
- Question 150: An incident response analyst notices multiple emails travers...
- Question 151: An organization conducted a web application vulnerability as...
- Question 152: During an incident, a security analyst discovers a large amo...
- Question 153: An analyst is responding to an incident within a cloud infra...
- Question 154: A cloud team received an alert that unauthorized resources w...
- Question 155: During an extended holiday break, a company suffered a secur...
- Question 156: The security analyst received the monthly vulnerability repo...
- Question 157: Due to a rise in cyber attackers seeking PHI, a healthcare c...
- Question 158: During a cybersecurity incident, one of the web servers at t...
- Question 159: A company's application development has been outsourced to a...
- Question 160: A penetration tester is conducting a test on an organization...
- Question 161: A vulnerability management team found four major vulnerabili...
- Question 162: The help desk is having difficulty keeping up with all onboa...
- Question 163: There are several reports of sensitive information being dis...
- Question 164: An analyst notices there is an internal device sending HTTPS...
- Question 165: A cybersecurity analyst is participating with the DLP projec...
[×]
Download PDF File
Enter your email address to download CuramSoftware.CS0-003.v2024-09-09.q165.pdf