Which of the following best describes the document that defines the expectation to network customers that patching will only occur between 2:00 a.m. and 4:00 a.m.?
Correct Answer: A
SLA (Service Level Agreement) is the best term to describe the document that defines the expectation to network customers that patching will only occur between 2:00 a.m. and 4:00 a.m., as it reflects the agreement between a service provider and a customer that specifies the services, quality, availability, and responsibilities that are agreed upon. An SLA is a common type of document that is used in various industries and contexts, such as IT, telecom, cloud computing, or outsourcing. An SLA typically includes metrics and indicators to measure the performance and quality of the service, such as uptime, response time, or resolution time. An SLA also defines the consequences or remedies for any breaches or failures of the service, such as penalties, refunds, or credits. An SLA can help to manage customer expectations, formalize communication, improve productivity, and strengthen relationships. The other terms are not as accurate as SLA, as they describe different types of documents or concepts. LOI (Letter of Intent) is a document that outlines the main terms and conditions of a proposed agreement between two or more parties, before a formal contract is signed. An LOI is usually non-binding and expresses the intention or interest of the parties to enter into a future agreement. An LOI can help to clarify the key points of a deal, facilitate negotiations, or demonstrate commitment. MOU (Memorandum of Understanding) is a document that describes a mutual agreement or cooperation between two or more parties, without creating any legal obligations or commitments. An MOU is usually more formal than an LOI, but less formal than a contract. An MOU can help to establish a common ground, define roles and responsibilities, or outline expectations and goals. KPI (Key Performance Indicator) is a concept that refers to a measurable value that demonstrates how effectively an organization or individual is achieving its key objectives or goals. A KPI is usually quantifiable and specific, such as revenue growth, customer satisfaction, or employee retention. A KPI can help to track progress, evaluate performance, or identify areas for improvement.
Question 107
A security analyst detects an email server that had been compromised in the internal network. Users have been reporting strange messages in their email inboxes and unusual network traffic. Which of the following incident response steps should be performed next?
Correct Answer: C
After detecting a compromised email server and unusual network traffic, the next step in incident response is containment, to prevent further damage or spread of the compromise. References: CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition, Chapter 5: Incident Response, page 197.
Question 108
Which of the following explains the importance of a timeline when providing an incident response report?
Correct Answer: C
An incident response timeline is a detailed chronological record of all events and actions taken during the response to a security incident. It includes timestamps and descriptions of each step, providing a comprehensive overview of how the incident was detected, contained, mitigated, and resolved. This timeline is crucial for post-incident analysis, helping to understand the effectiveness of the response, identify areas for improvement, and ensure accountability and transparency in the incident handling process.
Question 109
An analyst has discovered the following suspicious command: Which of the following would best describe the outcome of the command?
Correct Answer: C
ThePHP script allows remote users to execute system commands via the system() function, meaning an attacker can send arbitrary commands to the server. * Option A (Cross-site scripting - XSS)is incorrect because this script does not inject JavaScript into a webpage. * Option B (Reverse shell)is possible if an attacker sends a crafted command, but the script itself is more of a general backdoor than a dedicated reverse shell. * Option D (Logic bomb)is incorrect because a logic bomb is typicallytriggered by a specific event or daterather than executing arbitrary commands on demand. Thus,C (Backdoor attempt) is the best answer, as this scriptgrants unauthorized remote command execution.
Question 110
A security analyst has identified outgoing network traffic leaving the enterprise at odd times. The traffic appears to pivot across network segments and target domain servers. The traffic is then routed to a geographic location to which the company has no association. Which of the following best describes this type of threat?
Correct Answer: D
The described behavior(pivoting across network segments, targeting domain servers, and exfiltrating data to an unknown location)is characteristic of anadvanced persistent threat (APT), often linked to nation-state actors. * Option A (Hacktivist)attackers typically engage indefacements or disruptionrather thanstealthy exfiltration. * Option B (Zombie)refers tocompromised hosts in a botnet, but botnets do not usually pivot across networks. * Option C (Insider threat)could involve unauthorized access, but the traffic pattern suggests anexternal attacker withlateral movementtechniques. Thus,D is the correct answer, asnation-state actors often use sophisticated tactics, including data exfiltration and network pivoting.