CySA+ (CS0-002)
An analyst needs to forensically examine a Windows machine that was compromised by a threat actor. Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, especially with alternate data streams. Based on this intelligence, which of the following BEST explains alternate data streams?
A. A different way data can be streamlined if the user wants to use less memory on a Windows system for forking resources
B. A way to store data on an external drive attached to a Windows machine that is not readily accessible to users
C. A Windows attribute that provides for forking resources and is potentially used to hide the presence of secret or malicious files inside the file records of a benign file
D. A Windows attribute that can be used by attackers to hide malicious files within system memory
Correct answer: D. A Windows attribute that can be used by attackers to hide malicious files within system memory
An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for this service?
A. Manually log in to the service and upload data files on a regular basis.
B. Have the internal development team script connectivity and file transfers to the new service.
C. Create a dedicated SFTP site and schedule transfers to ensure file transport security.
D. Utilize the cloud product's API for supported and ongoing integrations.
Correct answer: D. Utilize the cloud product's API for supported and ongoing integrations.
Data spillage occurred when an employee accidentally emailed a sensitive file to an external recipient. Which of the following controls would have MOST likely prevented this incident?
A. SSO
B. DLP
C. WAF
D. VDI
Correct answer: B. DLP
A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality. Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?
A. Deidentification
B. Encoding
C. Encryption
D. Watermarking
Correct answer: A. Deidentification
Which of the following are components of the intelligence cycle? (Select TWO).
A. Collection
B. Normalization
C. Response
D. Analysis
E. Correction
F. Dissension
Correct answer: A. Collection; D. Analysis
During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect. Which of the following is the BEST place to acquire evidence to perform data carving?
A. The system memory
B. The hard drive
C. Network packets
D. The Windows Registry
Correct answer: A. The system memory
A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach. Which of the following is the BEST mitigation to prevent unauthorized access?
A. Single sign-on
B. Mandatory access control
C. Multifactor authentication
D. Federation
E. Privileged access management
Correct answer: C. Multifactor authentication
An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?
A. Duplicate all services in another instance and load balance between the instances.
B. Establish a hot site with active replication to another region within the same cloud provider.
C. Set up a warm disaster recovery site with the same cloud provider in a different region.
D. Configure the systems with a cold site at another cloud provider that can be used for failover.
Correct answer: C. Set up a warm disaster recovery site with the same cloud provider in a different region.
A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?
A. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.
B. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the email server.
C. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the domain controller.
D. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the web server.
Correct answer: A. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.
A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of the following would be BEST to implement to alleviate the CISO's concern?
A. DLP
B. Encryption
C. Test data
D. NDA
Correct answer: C. Test data
A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server. Which of the following should be done to correct the cause of the vulnerability?
A. Deploy a WAF in front of the application.
B. Implement a software repository management tool.
C. Install a HIPS on the server.
D. Instruct the developers to use input validation in the code.
Correct answer: B. Implement a software repository management tool.
Which of the following BEST describes the primary role of a risk assessment as it relates to compliance with risk-based frameworks?
A. It demonstrates the organization's mitigation of risks associated with internal threats.
B. It serves as the basis for control selection.
C. It prescribes technical control requirements.
D. It is an input to the business impact assessment.
Correct answer: B. It serves as the basis for control selection.
A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement:
A. federated authentication.
B. role-based access control.
C. manual account reviews.
D. multifactor authentication.
Correct answer: A. federated authentication.
A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached. Which of the following is the NEXT step the analyst should take to address the issue?
A. Audit access permissions for all employees to ensure least privilege.
B. Force a password reset for the impacted employees and revoke any tokens.
C. Configure SSO to prevent passwords from going outside the local network.
D. Set up privileged access management to ensure auditing is enabled.
Correct answer: B. Force a password reset for the impacted employees and revoke any tokens.
Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability. Which of the following UEFI settings is the MOST likely cause of the infections?
A. Compatibility mode
B. Secure boot mode
C. Native mode
D. Fast boot mode
Correct answer: A. Compatibility mode
A small electronics company decides to use a contractor to assist with the development of a new FPGA-based