CompTIA Updated CS0-002 Exam Questions and Answers by sky

A good approach for modeling the client’s attack surface is to look at attacks against similar industry peers and assess the probability of the same attacks happening. This can help the consultant to identify the most relevant and likely threats for the client based on their industry sector, size, location, and other factors. This can also help the consultant to prioritize the most critical risks and recommend appropriate mitigation strategies. Asking for external scans from industry peers (A) may not be feasible or reliable, as industry peers may not share their scan results or have different security configurations and vulnerabilities than the client. Discussing potential tools the client can purchase (B) may not be effective, as tools alone cannot reduce the likelihood of an attack without proper implementation and management. Meeting with senior management team (D) may not be helpful, as funding is not directly related to modeling the attack surface and may depend on other factors such as budget constraints and risk appetite.

Anti-tamper is a process that protects a system or device from unauthorized changes or modifications. It can also log and report any attempts to alter the system or device. The company is using anti-tamper to ensure the appliance is not altered from its original configured state. CI/CD, software assurance, and change management are not processes that specifically deal with unauthorized changes. Reference: https://www.acq.osd.mil/se/briefs/16943-DoD-AT-Overview-Brief.pdf

The correct answer is B. Extract the server’s system timeline, verifying hashes and network connections during a certain time frame. A system timeline is a chronological record of the events and activities that occurred on a system, such as file creation, modification, or deletion, process execution, registry changes, or network connections. A system timeline can help an analyst to understand how an attacker compromised a server by showing the sequence of actions and artifacts left by the attacker. An analyst can also verify the hashes of the files and processes involved in the compromise and compare them with known malware signatures or databases. Additionally, an analyst can check the network connections made by the server during the compromise and identify the source and destination IP addresses, ports, and protocols used by the attacker1.

Proactive threat-hunting is the process of actively searching for unknown threats in the network, rather than waiting for alerts or indicators of compromise. Some of the important reasons for performing proactive threat-hunting activities are:

• To uncover unknown threats that may have evaded detection by existing security tools or controls, and to mitigate them before they cause damage or data loss.
• To create a new security baseline that reflects the current state of the network, and to identify any anomalies or deviations from the normal behavior or activity.