CS0-002 Exam Question 86
Ransomware is identified on a company's network that affects both Windows and MAC hosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1. Iholdbadkeys.com, which resolves to IP address 72.172.16.2.
Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?
Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?
CS0-002 Exam Question 87
A security analyst is conceded that a third-party application may have access to user passwords during authentication. Which of the following protocols should the application use to alleviate the analyst's concern?
CS0-002 Exam Question 88
A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.
Which of the following should be done to prevent this issue from reoccurring?
Which of the following should be done to prevent this issue from reoccurring?
CS0-002 Exam Question 89
A security analyst reviews the latest reports from the company's vulnerability scanner and discovers the following:
Which of the following changes should the analyst recommend FIRST?
Which of the following changes should the analyst recommend FIRST?
CS0-002 Exam Question 90
Which of the following is an advantage of SOAR over SIEM?