CS0-003 Exam Dumps | A SOC receives several alerts indicating user accounts are connecting to the company's identity provider

<< Prev Question Next Question >>

Question 218/230

A SOC receives several alerts indicating user accounts are connecting to the company's identity provider through non-secure communications. User credentials for accessing sensitive, business- critical systems could be exposed. Which of the following logs should the SOC use when determining malicious intent?

A. DNS

B. tcpdump

C. Directory

D. IDS

Question List (230q): Question 1: A security analyst reviews a SIEM alert related to a suspici...; Question 2: An online gaming company was impacted by a ransomware attack...; Question 3: After an upgrade to a new EDR, a security analyst received r...; Question 4: A security analyst found an old version of OpenSSH running o...; Question 5: A security analyst observes a high volume of SYN flags from ...; Question 6: An organization has the following policy statements: - AlI e...; Question 7: SIMULATION An organization's website was maliciously altered...; Question 8: A recent audit of the vulnerability management program outli...; Question 9: An analyst would like to start automatically ingesting IoCs ...; Question 10: A security analyst is investigating an incident related to a...; Question 11: During an incident in which a user machine was compromised, ...; Question 12: A virtual web server in a server pool was infected with malw...; Question 13: A cybersecurity analyst is participating with the DLP projec...; Question 14: A SOC analyst recommends adding a layer of defense for all e...; Question 15: After detecting possible malicious external scanning, an int...; Question 16: Following an attack, an analyst needs to provide a summary o...; Question 17: A company's legal and accounting teams have decided it would...; Question 18: An organization conducted a web application vulnerability as...; Question 19: Which of the following is the appropriate phase in the incid...; Question 20: The SOC received a threat intelligence notification indicati...; Question 21: An analyst suspects cleartext passwords are being sent over ...; Question 22: A Chief Information Security Officer wants to map all the at...; Question 23: A company's security team is updating a section of the repor...; Question 24: An organization is experiencing security incidents in which ...; Question 25: A security analyst needs to provide the development team wit...; Question 26: During a packet capture review, a security analyst identifie...; Question 27: An analyst views the following log entries: (Exhibit) The or...; Question 28: Several critical bugs were identified during a vulnerability...; Question 29: An employee downloads a freeware program to change the deskt...; Question 30: A code review reveals a web application is using lime-based ...; Question 31: Which of the following describes the best reason for conduct...; Question 32: A company classifies security groups by risk level. Any grou...; Question 33: An analyst is creating the final vulnerability report for on...; Question 34: An analyst finds that an IP address outside of the company n...; Question 35: Which of the following best describes the process of requiri...; Question 36: During routine monitoring a security analyst identified the ...; Question 37: An analyst is investigating a phishing incident and has retr...; Question 38: A penetration tester is conducting a test on an organization...; Question 39: An analyst discovers unusual outbound connections to an IP t...; Question 40: A corporation wants to implement an agent-based endpoint sol...; Question 41: A developer downloaded and attempted to install a file trans...; Question 42: Which of the following is the best use of automation in cybe...; Question 43: A security analyst at a company is reviewing an alert from t...; Question 44: A Chief Information Security Officer (CISO) has determined t...; Question 45: A cybersecurity analyst is reviewing SIEM logs and observes ...; Question 46: Which of the following defines the proper sequence of data v...; Question 47: An analyst has received an IPS event notification from the S...; Question 48: There are several reports of sensitive information being dis...; Question 49: A security analyst needs to mitigate a known, exploited vuln...; Question 50: A Chief Information Security Officer has requested a dashboa...; Question 51: The majority of a company's employees have stated they are u...; Question 52: An analyst is designing a message system for a bank. The ana...; Question 53: A junior security analyst opened ports on the company's fire...; Question 54: A security analyst obtained the following table of results f...; Question 55: Which of the following will most likely ensure that mission-...; Question 56: A security program was able to achieve a 30% improvement in ...; Question 57: A security analyst is reviewing events that occurred during ...; Question 58: A help desk technician inadvertently sent the credentials of...; Question 59: A systems analyst is limiting user access to system configur...; Question 60: A Chief Information Security Officer (CISO) has decided the ...; Question 61: A systems administrator notices unfamiliar directory names o...; Question 62: A security analyst is trying to validate the results of a we...; Question 63: A WAF weekly report shows that a daily spike occurs from the...; Question 64: A security analyst needs to prioritize vulnerabilities for p...; Question 65: Which of the following is a circumstance in which a security...; Question 66: A manufacturer has hired a third-party consultant to assess ...; Question 67: A security analyst is reviewing the following Internet usage...; Question 68: A security analyst scans a host and generates the following ...; Question 69: A systems administrator receives reports of an internet-acce...; Question 70: A security analyst is trying to identify anomalies on the ne...; Question 71: A security analyst detected the following suspicious activit...; Question 72: During a security test, a security analyst found a critical ...; Question 73: An organization wants to establish a disaster recovery plan ...; Question 74: Which of the following BEST identifies the appropriate use o...; Question 75: A malicious actor has gained access to an internal network b...; Question 76: Which of the following factors would determine the regulatio...; Question 77: A security analyst recently used Arachni to perform a vulner...; Question 78: A security analyst has found a moderate-risk item in an orga...; Question 79: Which of the following best describes the goal of a tabletop...; Question 80: An analyst is examining events in multiple systems but is ha...; Question 81: Which of the following features is a key component of Zero T...; Question 82: Which of the following is often used to keep the number of a...; Question 83: Which of the following is an important aspect that should be...; Question 84: An incident response team is working with law enforcement to...; Question 85: Which of the following APT adversary archetypes represent no...; Question 86: A security analyst needs to support an organization's legal ...; Question 87: A Chief Finance Officer receives an email from someone who i...; Question 88: Which of the following would help an analyst to quickly find...; Question 89: An analyst is reviewing a vulnerability report and must make...; Question 90: During a review of SIEM alerts, a security analyst discovers...; Question 91: During an incident involving phishing, a security analyst ne...; Question 92: An end user forwarded an email with a file attachment to the...; Question 93: An analyst has discovered the following suspicious command: ...; Question 94: An organization enabled a SIEM rule to send an alert to a se...; Question 95: A security analyst observed the following activity from a pr...; Question 96: A security team is concerned about recent Layer 4 DDoS attac...; Question 97: While reviewing web server logs, a security analyst found th...; Question 98: An incident response team detected malicious software that c...; Question 99: Which of the following is most appropriate to use with SOAR ...; Question 100: A Chief Information Security Officer has outlined several re...; Question 101: A technician identifies a vulnerability on a server and appl...; Question 102: During security scanning, a security analyst regularly finds...; Question 103: A threat hurting team received a new loC from an ISAC that f...; Question 104: An incident response team found IoCs in a critical server. T...; Question 105: A security analyst finds an application that cannot enforce ...; Question 106: Which of the following is a commonly used four-component fra...; Question 107: The analyst reviews the following endpoint log entry: (Exhib...; Question 108: A high volume of failed RDP authentication attempts was logg...; Question 109: SIMULATION A systems administrator is reviewing the output o...; Question 110: A security analyst is reviewing a packet capture in Wireshar...; Question 111: Which of the following best describes the importance of impl...; Question 112: Which of the following explains the importance of a timeline...; Question 113: Which of the following in the digital forensics process is c...; Question 114: A SOC manager receives a phone call from an upset customer. ...; Question 115: An analyst receives threat intelligence regarding potential ...; Question 116: Which of the following, BEST explains the function of TPM?...; Question 117: Results of a SOC customer service evaluation indicate high l...; Question 118: Several incidents have occurred with a legacy web applicatio...; Question 119: A security analyst received an alert regarding multiple succ...; Question 120: The Chief Information Security Officer wants to eliminate an...; Question 121: A recent vulnerability scan resulted in an abnormally large ...; Question 122: A Chief Information Security Officer wants to implement secu...; Question 123: Which of the following is the most important reason for an i...; Question 124: A security analyst has received an incident case regarding m...; Question 125: A cybersecurity analyst has been assigned to the threat-hunt...; Question 126: When undertaking a cloud migration of multiple SaaS applicat...; Question 127: An auditor is reviewing an evidence log associated with a cy...; Question 128: A company has a primary control in place to restrict access ...; Question 129: During a scan of a web server in the perimeter network, a vu...; Question 130: A user is suspected of violating policy by logging in to a L...; Question 131: SIMULATION You are a penetration tester who is reviewing the...; Question 132: A company offers a hardware security appliance to customers ...; Question 133: A leader on the vulnerability management team is trying to r...; Question 134: A payroll department employee was the target of a phishing a...; Question 135: An analyst is suddenly unable to enrich data from the firewa...; Question 136: Following an incident, a security analyst needs to create a ...; Question 137: The Chief Information Security Officer wants the same level ...; Question 138: After reviewing the final report for a penetration test, a c...; Question 139: Which of the following best describes the actions taken by a...; Question 140: A user clicks on a malicious adware link, and the malware su...; Question 141: A new SOC manager reviewed findings regarding the strengths ...; Question 142: A security officer needs to find the most cost-effective sol...; Question 143: During normal security monitoring activities, the following ...; Question 144: Some hard disks need to be taken as evidence for further ana...; Question 145: An organization was compromised, and the usernames and passw...; Question 146: A security analyst is concerned the number of security incid...; Question 147: A security analyst working for an airline is prioritizing vu...; Question 148: A security analyst would like to integrate two different Saa...; Question 149: A company is implementing a vulnerability management program...; Question 150: Which of the following evidence collection methods is most l...; Question 151: An organization has activated the CSIRT. A security analyst ...; Question 152: A user's computer is performing slower than the day before, ...; Question 153: A SOC analyst is analyzing traffic on a network and notices ...; Question 154: Which of the following best describes the key goal of the co...; Question 155: An organization has established a formal change management p...; Question 156: During an incident, an analyst needs to acquire evidence for...; Question 157: A SOC analyst wants to improve the proactive detection of ma...; Question 158: A systems administrator is reviewing after-hours traffic flo...; Question 159: An email hosting provider added a new data center with new p...; Question 160: An IT security analyst has received an email alert regarding...; Question 161: A SOC analyst identifies the following content while examini...; Question 162: During an extended holiday break, a company suffered a secur...; Question 163: Which of the following items should be included in a vulnera...; Question 164: Which of the following is the most appropriate action a secu...; Question 165: A security audit for unsecured network services was conducte...; Question 166: A software developer is correcting the error-handling capabi...; Question 167: SIMULATION A company recently experienced a security inciden...; Question 168: A security analyst noticed the following entry on a web serv...; Question 169: Which of the following would an organization use to develop ...; Question 170: A security analyst was transferred to an organization's thre...; Question 171: An analyst notices there is an internal device sending HTTPS...; Question 172: After conducting a cybersecurity risk assessment for a new s...; Question 173: Several vulnerability scan reports have indicated runtime er...; Question 174: A small company does not have enough staff to effectively se...; Question 175: An organization's internal department frequently uses a clou...; Question 176: A cybersecurity analyst is recommending a solution to ensure...; Question 177: A cybersecurity analyst is tasked with scanning a web applic...; Question 178: A security analyst has identified outgoing network traffic l...; Question 179: Based on an internal assessment, a vulnerability management ...; Question 180: An incident response analyst notices multiple emails travers...; Question 181: Which of the following would a security analyst most likely ...; Question 182: The Chief Information Security Officer (CISO) of a large man...; Question 183: Using open-source intelligence gathered from technical forum...; Question 184: A company wants to configure the environment to allow passiv...; Question 185: A security analyst runs tcpdump on the 10.203.10.22 machine ...; Question 186: A Chief Information Security Officer (CISO) is concerned tha...; Question 187: Executives want to compare certain metrics from the most rec...; Question 188: An analyst is evaluating a vulnerability management dashboar...; Question 189: During an incident, analysts need to rapidly investigate by ...; Question 190: Which of the following phases of the Cyber Kill Chain involv...; Question 191: A cryptocurrency service company is primarily concerned with...; Question 192: SIMULATION You are a cybersecurity analyst tasked with inter...; Question 193: Which of the following best explains the importance of the i...; Question 194: Which of the following is the best metric to use when review...; Question 195: A newly hired security manager in a SOC wants to improve eff...; Question 196: A company uses an FTP server to support its critical busines...; Question 197: The security analyst received the monthly vulnerability repo...; Question 198: An XSS vulnerability was reported on one of the public websi...; Question 199: An attacker recently gained unauthorized access to a financi...; Question 200: Which of the following attributes is part of the Diamond Mod...; Question 201: A security analyst sees the following OWASP ZAP output from ...; Question 202: A company's internet-facing web application has been comprom...; Question 203: Which of the following are the MOST likely reasons lo includ...; Question 204: A company's domain has been spooled in numerous phishing cam...; Question 205: An end-of-life date was announced for a widely used OS. A bu...; Question 206: A SOC manager is establishing a reporting process to manage ...; Question 207: A company has the following security requirements: - No publ...; Question 208: A company's application development has been outsourced to a...; Question 209: A security analyst found the following vulnerability on the ...; Question 210: An MSSP received several alerts from customer 1, which cause...; Question 211: A cybersecurity analyst needs to harden a server that is cur...; Question 212: A recent penetration test discovered that several employees ...; Question 213: Due to a rise in cyber attackers seeking PHI, a healthcare c...; Question 214: Which of the following is a benefit of the Diamond Model of ...; Question 215: A penetration tester submitted data to a form in a web appli...; Question 216: An analyst is conducting routine vulnerability assessments o...; Question 217: A security analyst identified the following suspicious entry...; Question 218: A SOC receives several alerts indicating user accounts are c...; Question 219: A security analyst is performing an investigation involving ...; Question 220: An analyst is trying to capture anomalous traffic from a com...; Question 221: Which of the following entities should an incident manager w...; Question 222: Which of the following actions would an analyst most likely ...; Question 223: A disgruntled open-source developer has decided to sabotage ...; Question 224: Which of the following is the most likely reason for an orga...; Question 225: Which of the following techniques can help a SOC team to red...; Question 226: Which of the following concepts is using an API to insert bu...; Question 227: An organization needs to bring in data collection and aggreg...; Question 228: A security analyst is reviewing the logs of a web server and...; Question 229: A company's user accounts have been compromised. Users are a...; Question 230: A cybersecurity analyst is doing triage in a SIEM and notice...

Question 218/230

LEAVE A REPLY

Download PDF File