Question 1/211
An analyst determines a security incident has occurred. Which of the following is the most appropriate NEXT step in an incident response plan?
Correct Answer: D
- Other Question (211q)
- Q1. An analyst determines a security incident has occurred. Which of the following is the most...
- Q2. An analyst is reviewing a dashboard from the company's SIEM and finds that an IP address k...
- Q3. An analyst reviews a recent government alert on new zero-day threats and finds the followi...
- Q4. An incident response team finished responding to a significant security incident. The mana...
- Q5. Given the following CVSS string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Which of the...
- Q6. Two employees in the finance department installed a freeware application that contained em...
- Q7. A security analyst is trying to identify possible network addresses from different source ...
- Q8. A penetration tester is conducting a test on an organization's software development websit...
- Q9. During a tabletop exercise, engineers discovered that an ICS could not be updated due to h...
- Q10. An analyst investigated a website and produced the following: (Exhibit) Which of the follo...
- Q11. An analyst is examining events in multiple systems but is having difficulty correlating da...
- Q12. Which of the following is the best metric for an organization to focus on given recent inv...
- Q13. Which of the following best explains the importance of network microsegmentation as part o...
- Q14. An online gaming company was impacted by a ransomware attack. An employee opened an attach...
- Q15. A security analyst noticed the following entry on a web server log: Warning: fopen (http:/...
- Q16. The security operations team is required to consolidate several threat intelligence feeds ...
- Q17. A vulnerability management team found four major vulnerabilities during an assessment and ...
- Q18. Which of the following best describes the actions taken by an organization after the resol...
- Q19. A developer is working on a program to convert user-generated input in a web form before i...
- Q20. SIMULATION A systems administrator is reviewing the output of a vulnerability scan. INSTRU...
- Q21. A company has alerted planning the implemented a vulnerability management procedure. Howev...
- Q22. Which of the following is often used to keep the number of alerts to a manageable level wh...
- Q23. An analyst needs to provide recommendations based on a recent vulnerability scan: (Exhibit...
- Q24. Which of the following best describes the goal of a tabletop exercise?...
- Q25. An employee received a phishing email that contained malware targeting the company. Which ...
- Q26. A security analyst is performing vulnerability scans on the network. The analyst installs ...
- Q27. Which of the following best describes the key elements of a successful information securit...
- Q28. A security analyst reviews the following results of a Nikto scan: (Exhibit) Which of the f...
- Q29. Which of the following actions would an analyst most likely perform after an incident has ...
- Q30. Which of the following is a reason proper handling and reporting of existing evidence are ...
- Q31. SIMULATION An organization's website was maliciously altered. INSTRUCTIONS Review informat...
- Q32. A company has recently experienced a security breach via a public-facing service. Analysis...
- Q33. Which of the following describes how a CSIRT lead determines who should be communicated wi...
- Q34. During a scan of a web server in the perimeter network, a vulnerability was identified tha...
- Q35. An analyst is investigating a phishing incident and has retrieved the following as part of...
- Q36. A security analyst discovers an LFI vulnerability that can be exploited to extract credent...
- Q37. A help desk technician inadvertently sent the credentials of the company's CRM in clear tex...
- Q38. When undertaking a cloud migration of multiple SaaS applications, an organization's system...
- Q39. An analyst has been asked to validate the potential risk of a new ransomware campaign that...
- Q40. After a security assessment was done by a third-party consulting firm, the cybersecurity p...
- Q41. An organization is conducting a pilot deployment of an e-commerce application. The applica...
- Q42. An analyst is evaluating a vulnerability management dashboard. The analyst sees that a pre...
- Q43. Which of the following will most likely cause severe issues with authentication and loggin...
- Q44. A security analyst needs to mitigate a known, exploited vulnerability related to an attack...
- Q45. Which of the following describes a contract that is used to define the various levels of m...
- Q46. A company is in the process of implementing a vulnerability management program, and there ...
- Q47. The Chief Information Security Officer wants to eliminate and reduce shadow IT in the ente...
- Q48. A security analyst receives an alert for suspicious activity on a company laptop. An excer...
- Q49. A cybersecurity analyst has recovered a recently compromised server to its previous state....
- Q50. An organization's threat intelligence team notes a recent trend in adversary privilege esc...
- Q51. A regulated organization experienced a security breach that exposed a list of customer nam...
- Q52. A security analyst has prepared a vulnerability scan that contains all of the company's fu...
- Q53. A code review reveals a web application is using time-based cookies for session management...
- Q54. A consultant evaluating multiple threat intelligence leads to assess potential risks for a...
- Q55. An organization has experienced a breach of customer transactions. Under the terms of PCI ...
- Q56. A systems administrator receives reports of an internet-accessible Linux server that is ru...
- Q57. A cloud team received an alert that unauthorized resources were being auto-provisioned. Af...
- Q58. A security administrator needs to provide access from partners to an isolated laboratory n...
- Q59. After updating the email client to the latest patch, only about 15% of the workforce is ab...
- Q60. An analyst is reviewing the following output as part of an incident: (Exhibit) Which of th...
- Q61. A company that has a geographically diverse workforce and dynamic IPs wants to implement a...
- Q62. An IT security analyst has received an email alert regarding a vulnerability within the ne...
- Q63. A security analyst identified the following suspicious entry on the host-based IDS logs: b...
- Q64. Which of the following BEST describes HSM?
- Q65. An organization's email account was compromised by a bad actor. Given the following inform...
- Q66. During a recent site survey, an analyst discovered a rogue wireless access point on the ne...
- Q67. A security analyst has found a moderate-risk item in an organization's point-of-sale appli...
- Q68. An organization has a critical financial application hosted online that does not allow eve...
- Q69. A security analyst needs to develop a solution to protect a high-value asset from an explo...
- Q70. During an extended holiday break, a company suffered a security incident. This information...
- Q71. A security analyst at a company is reviewing an alert from the file integrity monitoring i...
- Q72. After conducting a cybersecurity risk assessment for a new software request, a Chief Infor...
- Q73. A security analyst found the following vulnerability on the company's website: <INPUT T...
- Q74. A security program was able to achieve a 30% improvement in MTTR by integrating security c...
- Q75. During the threat modeling process for a new application that a company is launching, a se...
- Q76. A leader on the vulnerability management team is trying to reduce the team's workload by a...
- Q77. Which of the following is described as a method of enforcing a security policy between clo...
- Q78. Which of the following BEST explains the function of a managerial control?...
- Q79. A security officer needs to find the most cost-effective solution to the current data priv...
- Q80. An organization conducted a web application vulnerability assessment against the corporate...
- Q81. A security analyst discovers suspicious host activity while performing monitoring activiti...
- Q82. A company uses an FTP server to support its critical business functions. The FTP server is...
- Q83. The security team reviews a web server for XSS and runs the following Nmap scan: (Exhibit)...
- Q84. A web developer reports the following error that appeared on a development server when tes...
- Q85. A company offers a hardware security appliance to customers that provides remote administr...
- Q86. Which of the following phases of the Cyber Kill Chain involves the adversary attempting to...
- Q87. Several critical bugs were identified during a vulnerability scan. The SLA risk requiremen...
- Q88. An incident response team member is triaging a Linux server. The output is shown below: (E...
- Q89. A company patches its servers using automation software. Remote SSH or RDP connections are...
- Q90. A company is implementing a vulnerability management program and moving from an on-premis...
- Q91. A Chief Information Security Officer wants to map all the attack vectors that the company ...
- Q92. A security analyst must preserve a system hard drive that was involved in a litigation req...
- Q93. A code review reveals a web application is using time-based cookies for session management...
- Q94. A list of IoCs released by a government security organization contains the SHA-256 hash fo...
- Q95. A security analyst received a malicious binary file to analyze. Which of the following is ...
- Q96. A security analyst is responding to an incident that involves a malicious attack on a networ...
- Q97. An organization receives a legal hold request from an attorney. The request pertains to em...
- Q98. An analyst is becoming overwhelmed with the number of events that need to be investigated ...
- Q99. Company A is in the process of merging with Company B. As part of the merger, connectivity...
- Q100. An employee downloads a freeware program to change the desktop to the classic look of lega...
- Q101. A security team is concerned about recent Layer 4 DDoS attacks against the company website...
- Q102. A cybersecurity analyst has been assigned to the threat-hunting team to create a dynamic d...
- Q103. A security analyst is deploying a new application in the environment. The application need...
- Q104. The security team at a company, which was a recent target of ransomware, compiled a list o...
- Q105. A systems administrator needs to gather security events with repeatable patterns from Linu...
- Q106. A security analyst is reviewing WAF alerts and sees the following request: Request="GET /p...
- Q107. The help desk is having difficulty keeping up with all onboarding and offboarding requests...
- Q108. Forming a hypothesis, looking for indicators of compromise, and using the findings to proa...
- Q109. A security analyst must review a suspicious email to determine its legitimacy. Which of th...
- Q110. A developer downloaded and attempted to install a file transfer application in which the i...
- Q111. During the log analysis phase, the following suspicious command is detected: (Exhibit) Whi...
- Q112. An analyst is reviewing a vulnerability report for a server environment with the following...
- Q113. An organization has activated the CSIRT. A security analyst believes a single virtual serv...
- Q114. During an incident involving phishing, a security analyst needs to find the source of the ...
- Q115. An analyst discovers unusual outbound connections to an IP that was previously blocked at ...
- Q116. A security analyst is working on a server patch management policy that will allow the infr...
- Q117. A security analyst discovers an ongoing ransomware attack while investigating a phishing e...
- Q118. A company's security team is updating a section of the reporting policy that pertains to i...
- Q119. Which of the following is MOST dangerous to the client environment during a vulnerability ...
- Q120. Which of the following best explains the importance of the implementation of a secure soft...
- Q121. A cybersecurity analyst is reviewing SIEM logs and observes consistent requests originatin...
- Q122. Which of the following is the best way to begin preparation for a report titled "What We L...
- Q123. A security team conducts a lessons-learned meeting after struggling to determine who shoul...
- Q124. A SIEM alert is triggered based on execution of a suspicious one-liner on two workstations...
- Q125. A security analyst would like to integrate two different SaaS-based security tools so that...
- Q126. A security analyst has found the following suspicious DNS traffic while analyzing a packet...
- Q127. A vulnerability analyst received a list of system vulnerabilities and needs to evaluate th...
- Q128. A vulnerability scanner has identified an out-of-support database software version running...
- Q129. A security analyst received an alert regarding multiple successful MFA log-ins for a parti...
- Q130. After a security assessment was done by a third-party consulting firm, the cybersecurity p...
- Q131. A Chief Information Security Officer (CISO) is concerned that a specific threat actor who ...
- Q132. Which of the following statements best describes the MITRE ATT&CK framework?...
- Q133. Which of the following APT adversary archetypes represent non-nation-state threat actors? ...
- Q134. Which of the following best describes the reporting metric that should be utilized when me...
- Q135. A penetration tester submitted data to a form in a web application, which enabled the pene...
- Q136. An organization wants to ensure the privacy of the data that is on its systems. Full disk ...
- Q137. A security analyst is investigating a reported phishing attempt that was received by many ...
- Q138. Which of the following responsibilities does the legal team have during an incident manage...
- Q139. A company's user accounts have been compromised. Users are also reporting that the company...
- Q140. An organization's internal department frequently uses a cloud provider to store large amou...
- Q141. Which of the following is MOST important when developing a threat hunting program?...
- Q142. An organization has the following policy statements: - All emails entering or leaving the ...
- Q143. An incident response team detected malicious software that could have gained access to cre...
- Q144. A cybersecurity analyst needs to harden a server that is currently being used as a web ser...
- Q145. A security analyst scans a host and generates the following output: (Exhibit) Which of the...
- Q146. The management team requests monthly KPI reports on the company's cybersecurity program. W...
- Q147. A security team identified several rogue Wi-Fi access points during the most recent networ...
- Q148. An incident responder was able to recover a binary file through the network traffic. The b...
- Q149. While reviewing web server logs, an analyst notices several entries with the same time sta...
- Q150. An analyst has received an IPS event notification from the SIEM stating an IP address, whi...
- Q151. An organization recently changed its BC and DR plans. Which of the following would best al...
- Q152. A network security analyst for a large company noticed unusual network activity on a criti...
- Q153. Executives at an organization email sensitive financial information to external business p...
- Q154. A Chief Information Security Officer wants to implement security by design, starting with ...
- Q155. A team of analysts is developing a new internal system that correlates information from a ...
- Q156. A security analyst detects an email server that had been compromised in the internal netwo...
- Q157. An analyst is responding to an incident involving an attack on a company-owned mobile devi...
- Q158. While reviewing the web server logs, a security analyst notices the following snippet ..\.....
- Q159. Which of the following is the most appropriate action for a security analyst to take to effect...
- Q160. An incident response analyst is investigating the root cause of a recent malware outbreak....
- Q161. Some hard disks need to be taken as evidence for further analysis during an incident respo...
- Q162. During a review of recent network traffic, an analyst realizes the team has seen this same...
- Q163. A company has a primary control in place to restrict access to a sensitive database. Howev...
- Q164. Which of the following stakeholders are most likely to receive a vulnerability scan report...
- Q165. A cyber-security analyst is implementing a new network configuration on an existing networ...
- Q166. An employee accessed a website that caused a device to become infected with invasive malwa...
- Q167. The SOC received a threat intelligence notification indicating that an employee's credenti...
- Q168. During the security assessment of a new application, a tester attempts to log in to the ap...
- Q169. The Chief Information Security Officer for an organization recently received approval to i...
- Q170. While a security analyst for an organization was reviewing logs from web servers, the anal...
- Q171. An incident response team is working with law enforcement to investigate an active web ser...
- Q172. Which of the following is a nation-state actor least likely to be concerned with?...
- Q173. A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereign...
- Q174. An organization wants to implement a privileged access management solution to better manag...
- Q175. Which of the following would a security analyst most likely use to compare TTPs between di...
- Q176. A security analyst recently used Arachni to perform a vulnerability assessment of a newly ...
- Q177. A threat hunting team received a new IoC from an ISAC that follows a threat actor's profil...
- Q178. Which of the following best describes the document that defines the expectation to network...
- Q179. A security analyst has received an incident case regarding malware spreading out of contro...
- Q180. An incident response team receives an alert to start an investigation of an internet outag...
- Q181. An analyst is conducting routine vulnerability assessments on the company infrastructure. ...
- Q182. An analyst is reviewing a dashboard from the company's SIEM and finds that an IP address k...
- Q183. Which of the following documents sets requirements and metrics for a third-party response ...
- Q184. Which of the following responsibilities does the legal team have during an incident manage...
- Q185. Results of a SOC customer service evaluation indicate high levels of dissatisfaction with ...
- Q186. During routine monitoring, a security analyst identified the following enterprise network t...
- Q187. An organization needs to bring in data collection and aggregation from various endpoints. ...
- Q188. While reviewing web server logs, a security analyst discovers the following suspicious lin...
- Q189. Which of the following security operations tasks are ideal for automation?...
- Q190. SIMULATION Welcome to the Enterprise Help Desk System. Please work the ticket escalated to...
- Q191. Which of the following best describes the goal of a disaster recovery exercise as preparat...
- Q192. A security analyst observed the following activity from a privileged account: - Accessing ...
- Q193. A software developer is correcting the error-handling capabilities of an application follo...
- Q194. A security analyst has identified a new malware file that has impacted the organization. T...
- Q195. A cybersecurity analyst is tasked with scanning a web application to understand where the ...
- Q196. A systems administrator is reviewing after-hours traffic flows from data-center servers an...
- Q197. A company brings in a consultant to make improvements to its website. After the consultant...
- Q198. A security analyst is reviewing the following alert that was triggered by FIM on a critica...
- Q199. After reviewing the final report for a penetration test, a cybersecurity analyst prioritiz...
- Q200. A disgruntled open-source developer has decided to sabotage a code repository with a logic...
- Q201. Following a recent security incident, the Chief Information Security Officer is concerned ...
- Q202. Which of the following most accurately describes the Cyber Kill Chain methodology?...
- Q203. An analyst is conducting monitoring against an authorized team that will perform adversaria...
- Q204. In SIEM software, a security analyst selected some changes to hash signatures from monito...
- Q205. A user downloads software that contains malware onto a computer that eventually infects nu...
- Q206. Which of the following is the first step that should be performed when establishing a disa...
- Q207. Which of the following are the MOST likely reasons to include reporting processes when upd...
- Q208. An organization discovered a data breach that resulted in PII being released to the public...
- Q209. A security analyst is trying to identify anomalies on the network routing. Which of the fo...
- Q210. A security analyst found an old version of OpenSSH running on a DMZ server and determined ...
- Q211. Which of the following techniques can help a SOC team to reduce the number of alerts relat...

Enter your email address to download CuramSoftware.CS0-003.v2025-07-15.q211.pdf