Free Access CompTIA.CS0-001.v2022-04-30.q237 Practice Test (Page 5)

Question 16

Alerts have been received from the SIEM, indicating infections on multiple computers. Based on threat characteristic, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were clashed as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?

A.Run a vulnerability scan and patch discovered vulnerabilities on the next patching cycle Have the users restart their computer Create a use case in the SIEM to monitor farted logins on infected computers.

B.Install a computer with the same settings as the infected computers in the DM^ to use as a honeypot Permit the URLs classified as uncategorized to and from that host.

C.Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.

D.Remove those computers from the network and replace the hard drives Send the Infected hard drives out lot investigation.

Question 17

During an investigation, a computer is being seized. Which of the following is the FIRST step the analyst
should take?

A.Power off the computer and remove it from the network.

B.Perform a physical hard disk image.

C.Initiate chain-of-custody documentation.

D.Unplug the network cable and take screenshots of the desktop.

Question 18

A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded.
Which of the following should the security analyst recommend to add additional security to this device?

A.The security analyst should recommend this device be included in regular vulnerability scans.

B.The security analyst should recommend this device be place behind a WAF.

C.The security analyst should recommend this device regularly export the web logs to a SIEM system.

D.The security analyst should recommend an IDS be placed on the network segment.

Question 19

A security analyst suspects that a workstation may be beaconing to a command and control server. Inspect the logs from the company's web proxy server and the firewall to determine the best course of action to take in order to neutralize the threat with minimum impact to the organization.
Instructions:
Modify the firewall ACL, using the Firewall ACL form to mitigate the issue.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.

Question 20

Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?

A.Reverse engineering process

B.Lessons learned report

C.Incident response plan

D.Chain of custody documentation

Latest Upload: 102OCEG.GRCP.v2025-09-11.q211; 102HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 147Salesforce.Data-Architect.v2025-09-05.q216; 141Adobe.AD0-E605.v2025-09-05.q50

Question 16

Question 17

Question 18

Question 19

Question 20

Download PDF File