Exam Name: | CompTIA CyberSecurity Analyst CySA+ Certification Exam | ||
Exam Code: | CS0-003 Dumps | ||
Vendor: | CompTIA | Certification: | CompTIA CySA+ |
Questions: | 424 Q&A's | Shared By: | maddox |
A SOC receives several alerts indicating user accounts are connecting to the company’s identity provider through non-secure communications. User credentials for accessing sensitive, business-critical systems could be exposed. Which of the following logs should the SOC use when determining malicious intent?
A SIEM alert is triggered based on execution of a suspicious one-liner on two workstations in the organization's environment. An analyst views the details of these events below:
Which of the following statements best describes the intent of the attacker, based on this one-liner?
Which of the following is a benefit of the Diamond Model of Intrusion Analysis?
A systems analyst is limiting user access to system configuration keys and values in a Windows environment. Which of the following describes where the analyst can find these configuration items?