CS0-003 Exam Dumps | An incident response team found IoCs in a critical server. The team needs to isolate and collect technical

<< Prev Question Next Question >>

Question 104/230

An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?

A. Hard disk

B. Primary boot partition

C. Malicious files

D. Routing table

E. Static IP address

Question List (230q): Question 1: A security analyst reviews a SIEM alert related to a suspici...; Question 2: An online gaming company was impacted by a ransomware attack...; Question 3: After an upgrade to a new EDR, a security analyst received r...; Question 4: A security analyst found an old version of OpenSSH running o...; Question 5: A security analyst observes a high volume of SYN flags from ...; Question 6: An organization has the following policy statements: - AlI e...; Question 7: SIMULATION An organization's website was maliciously altered...; Question 8: A recent audit of the vulnerability management program outli...; Question 9: An analyst would like to start automatically ingesting IoCs ...; Question 10: A security analyst is investigating an incident related to a...; Question 11: During an incident in which a user machine was compromised, ...; Question 12: A virtual web server in a server pool was infected with malw...; Question 13: A cybersecurity analyst is participating with the DLP projec...; Question 14: A SOC analyst recommends adding a layer of defense for all e...; Question 15: After detecting possible malicious external scanning, an int...; Question 16: Following an attack, an analyst needs to provide a summary o...; Question 17: A company's legal and accounting teams have decided it would...; Question 18: An organization conducted a web application vulnerability as...; Question 19: Which of the following is the appropriate phase in the incid...; Question 20: The SOC received a threat intelligence notification indicati...; Question 21: An analyst suspects cleartext passwords are being sent over ...; Question 22: A Chief Information Security Officer wants to map all the at...; Question 23: A company's security team is updating a section of the repor...; Question 24: An organization is experiencing security incidents in which ...; Question 25: A security analyst needs to provide the development team wit...; Question 26: During a packet capture review, a security analyst identifie...; Question 27: An analyst views the following log entries: (Exhibit) The or...; Question 28: Several critical bugs were identified during a vulnerability...; Question 29: An employee downloads a freeware program to change the deskt...; Question 30: A code review reveals a web application is using lime-based ...; Question 31: Which of the following describes the best reason for conduct...; Question 32: A company classifies security groups by risk level. Any grou...; Question 33: An analyst is creating the final vulnerability report for on...; Question 34: An analyst finds that an IP address outside of the company n...; Question 35: Which of the following best describes the process of requiri...; Question 36: During routine monitoring a security analyst identified the ...; Question 37: An analyst is investigating a phishing incident and has retr...; Question 38: A penetration tester is conducting a test on an organization...; Question 39: An analyst discovers unusual outbound connections to an IP t...; Question 40: A corporation wants to implement an agent-based endpoint sol...; Question 41: A developer downloaded and attempted to install a file trans...; Question 42: Which of the following is the best use of automation in cybe...; Question 43: A security analyst at a company is reviewing an alert from t...; Question 44: A Chief Information Security Officer (CISO) has determined t...; Question 45: A cybersecurity analyst is reviewing SIEM logs and observes ...; Question 46: Which of the following defines the proper sequence of data v...; Question 47: An analyst has received an IPS event notification from the S...; Question 48: There are several reports of sensitive information being dis...; Question 49: A security analyst needs to mitigate a known, exploited vuln...; Question 50: A Chief Information Security Officer has requested a dashboa...; Question 51: The majority of a company's employees have stated they are u...; Question 52: An analyst is designing a message system for a bank. The ana...; Question 53: A junior security analyst opened ports on the company's fire...; Question 54: A security analyst obtained the following table of results f...; Question 55: Which of the following will most likely ensure that mission-...; Question 56: A security program was able to achieve a 30% improvement in ...; Question 57: A security analyst is reviewing events that occurred during ...; Question 58: A help desk technician inadvertently sent the credentials of...; Question 59: A systems analyst is limiting user access to system configur...; Question 60: A Chief Information Security Officer (CISO) has decided the ...; Question 61: A systems administrator notices unfamiliar directory names o...; Question 62: A security analyst is trying to validate the results of a we...; Question 63: A WAF weekly report shows that a daily spike occurs from the...; Question 64: A security analyst needs to prioritize vulnerabilities for p...; Question 65: Which of the following is a circumstance in which a security...; Question 66: A manufacturer has hired a third-party consultant to assess ...; Question 67: A security analyst is reviewing the following Internet usage...; Question 68: A security analyst scans a host and generates the following ...; Question 69: A systems administrator receives reports of an internet-acce...; Question 70: A security analyst is trying to identify anomalies on the ne...; Question 71: A security analyst detected the following suspicious activit...; Question 72: During a security test, a security analyst found a critical ...; Question 73: An organization wants to establish a disaster recovery plan ...; Question 74: Which of the following BEST identifies the appropriate use o...; Question 75: A malicious actor has gained access to an internal network b...; Question 76: Which of the following factors would determine the regulatio...; Question 77: A security analyst recently used Arachni to perform a vulner...; Question 78: A security analyst has found a moderate-risk item in an orga...; Question 79: Which of the following best describes the goal of a tabletop...; Question 80: An analyst is examining events in multiple systems but is ha...; Question 81: Which of the following features is a key component of Zero T...; Question 82: Which of the following is often used to keep the number of a...; Question 83: Which of the following is an important aspect that should be...; Question 84: An incident response team is working with law enforcement to...; Question 85: Which of the following APT adversary archetypes represent no...; Question 86: A security analyst needs to support an organization's legal ...; Question 87: A Chief Finance Officer receives an email from someone who i...; Question 88: Which of the following would help an analyst to quickly find...; Question 89: An analyst is reviewing a vulnerability report and must make...; Question 90: During a review of SIEM alerts, a security analyst discovers...; Question 91: During an incident involving phishing, a security analyst ne...; Question 92: An end user forwarded an email with a file attachment to the...; Question 93: An analyst has discovered the following suspicious command: ...; Question 94: An organization enabled a SIEM rule to send an alert to a se...; Question 95: A security analyst observed the following activity from a pr...; Question 96: A security team is concerned about recent Layer 4 DDoS attac...; Question 97: While reviewing web server logs, a security analyst found th...; Question 98: An incident response team detected malicious software that c...; Question 99: Which of the following is most appropriate to use with SOAR ...; Question 100: A Chief Information Security Officer has outlined several re...; Question 101: A technician identifies a vulnerability on a server and appl...; Question 102: During security scanning, a security analyst regularly finds...; Question 103: A threat hurting team received a new loC from an ISAC that f...; Question 104: An incident response team found IoCs in a critical server. T...; Question 105: A security analyst finds an application that cannot enforce ...; Question 106: Which of the following is a commonly used four-component fra...; Question 107: The analyst reviews the following endpoint log entry: (Exhib...; Question 108: A high volume of failed RDP authentication attempts was logg...; Question 109: SIMULATION A systems administrator is reviewing the output o...; Question 110: A security analyst is reviewing a packet capture in Wireshar...; Question 111: Which of the following best describes the importance of impl...; Question 112: Which of the following explains the importance of a timeline...; Question 113: Which of the following in the digital forensics process is c...; Question 114: A SOC manager receives a phone call from an upset customer. ...; Question 115: An analyst receives threat intelligence regarding potential ...; Question 116: Which of the following, BEST explains the function of TPM?...; Question 117: Results of a SOC customer service evaluation indicate high l...; Question 118: Several incidents have occurred with a legacy web applicatio...; Question 119: A security analyst received an alert regarding multiple succ...; Question 120: The Chief Information Security Officer wants to eliminate an...; Question 121: A recent vulnerability scan resulted in an abnormally large ...; Question 122: A Chief Information Security Officer wants to implement secu...; Question 123: Which of the following is the most important reason for an i...; Question 124: A security analyst has received an incident case regarding m...; Question 125: A cybersecurity analyst has been assigned to the threat-hunt...; Question 126: When undertaking a cloud migration of multiple SaaS applicat...; Question 127: An auditor is reviewing an evidence log associated with a cy...; Question 128: A company has a primary control in place to restrict access ...; Question 129: During a scan of a web server in the perimeter network, a vu...; Question 130: A user is suspected of violating policy by logging in to a L...; Question 131: SIMULATION You are a penetration tester who is reviewing the...; Question 132: A company offers a hardware security appliance to customers ...; Question 133: A leader on the vulnerability management team is trying to r...; Question 134: A payroll department employee was the target of a phishing a...; Question 135: An analyst is suddenly unable to enrich data from the firewa...; Question 136: Following an incident, a security analyst needs to create a ...; Question 137: The Chief Information Security Officer wants the same level ...; Question 138: After reviewing the final report for a penetration test, a c...; Question 139: Which of the following best describes the actions taken by a...; Question 140: A user clicks on a malicious adware link, and the malware su...; Question 141: A new SOC manager reviewed findings regarding the strengths ...; Question 142: A security officer needs to find the most cost-effective sol...; Question 143: During normal security monitoring activities, the following ...; Question 144: Some hard disks need to be taken as evidence for further ana...; Question 145: An organization was compromised, and the usernames and passw...; Question 146: A security analyst is concerned the number of security incid...; Question 147: A security analyst working for an airline is prioritizing vu...; Question 148: A security analyst would like to integrate two different Saa...; Question 149: A company is implementing a vulnerability management program...; Question 150: Which of the following evidence collection methods is most l...; Question 151: An organization has activated the CSIRT. A security analyst ...; Question 152: A user's computer is performing slower than the day before, ...; Question 153: A SOC analyst is analyzing traffic on a network and notices ...; Question 154: Which of the following best describes the key goal of the co...; Question 155: An organization has established a formal change management p...; Question 156: During an incident, an analyst needs to acquire evidence for...; Question 157: A SOC analyst wants to improve the proactive detection of ma...; Question 158: A systems administrator is reviewing after-hours traffic flo...; Question 159: An email hosting provider added a new data center with new p...; Question 160: An IT security analyst has received an email alert regarding...; Question 161: A SOC analyst identifies the following content while examini...; Question 162: During an extended holiday break, a company suffered a secur...; Question 163: Which of the following items should be included in a vulnera...; Question 164: Which of the following is the most appropriate action a secu...; Question 165: A security audit for unsecured network services was conducte...; Question 166: A software developer is correcting the error-handling capabi...; Question 167: SIMULATION A company recently experienced a security inciden...; Question 168: A security analyst noticed the following entry on a web serv...; Question 169: Which of the following would an organization use to develop ...; Question 170: A security analyst was transferred to an organization's thre...; Question 171: An analyst notices there is an internal device sending HTTPS...; Question 172: After conducting a cybersecurity risk assessment for a new s...; Question 173: Several vulnerability scan reports have indicated runtime er...; Question 174: A small company does not have enough staff to effectively se...; Question 175: An organization's internal department frequently uses a clou...; Question 176: A cybersecurity analyst is recommending a solution to ensure...; Question 177: A cybersecurity analyst is tasked with scanning a web applic...; Question 178: A security analyst has identified outgoing network traffic l...; Question 179: Based on an internal assessment, a vulnerability management ...; Question 180: An incident response analyst notices multiple emails travers...; Question 181: Which of the following would a security analyst most likely ...; Question 182: The Chief Information Security Officer (CISO) of a large man...; Question 183: Using open-source intelligence gathered from technical forum...; Question 184: A company wants to configure the environment to allow passiv...; Question 185: A security analyst runs tcpdump on the 10.203.10.22 machine ...; Question 186: A Chief Information Security Officer (CISO) is concerned tha...; Question 187: Executives want to compare certain metrics from the most rec...; Question 188: An analyst is evaluating a vulnerability management dashboar...; Question 189: During an incident, analysts need to rapidly investigate by ...; Question 190: Which of the following phases of the Cyber Kill Chain involv...; Question 191: A cryptocurrency service company is primarily concerned with...; Question 192: SIMULATION You are a cybersecurity analyst tasked with inter...; Question 193: Which of the following best explains the importance of the i...; Question 194: Which of the following is the best metric to use when review...; Question 195: A newly hired security manager in a SOC wants to improve eff...; Question 196: A company uses an FTP server to support its critical busines...; Question 197: The security analyst received the monthly vulnerability repo...; Question 198: An XSS vulnerability was reported on one of the public websi...; Question 199: An attacker recently gained unauthorized access to a financi...; Question 200: Which of the following attributes is part of the Diamond Mod...; Question 201: A security analyst sees the following OWASP ZAP output from ...; Question 202: A company's internet-facing web application has been comprom...; Question 203: Which of the following are the MOST likely reasons lo includ...; Question 204: A company's domain has been spooled in numerous phishing cam...; Question 205: An end-of-life date was announced for a widely used OS. A bu...; Question 206: A SOC manager is establishing a reporting process to manage ...; Question 207: A company has the following security requirements: - No publ...; Question 208: A company's application development has been outsourced to a...; Question 209: A security analyst found the following vulnerability on the ...; Question 210: An MSSP received several alerts from customer 1, which cause...; Question 211: A cybersecurity analyst needs to harden a server that is cur...; Question 212: A recent penetration test discovered that several employees ...; Question 213: Due to a rise in cyber attackers seeking PHI, a healthcare c...; Question 214: Which of the following is a benefit of the Diamond Model of ...; Question 215: A penetration tester submitted data to a form in a web appli...; Question 216: An analyst is conducting routine vulnerability assessments o...; Question 217: A security analyst identified the following suspicious entry...; Question 218: A SOC receives several alerts indicating user accounts are c...; Question 219: A security analyst is performing an investigation involving ...; Question 220: An analyst is trying to capture anomalous traffic from a com...; Question 221: Which of the following entities should an incident manager w...; Question 222: Which of the following actions would an analyst most likely ...; Question 223: A disgruntled open-source developer has decided to sabotage ...; Question 224: Which of the following is the most likely reason for an orga...; Question 225: Which of the following techniques can help a SOC team to red...; Question 226: Which of the following concepts is using an API to insert bu...; Question 227: An organization needs to bring in data collection and aggreg...; Question 228: A security analyst is reviewing the logs of a web server and...; Question 229: A company's user accounts have been compromised. Users are a...; Question 230: A cybersecurity analyst is doing triage in a SIEM and notice...

Question 104/230

LEAVE A REPLY

Download PDF File