2023 CompTIA CS0-002 Exam Dumps Questions

Category:

Comments:

0 Comments

Post Date:

May 25, 2023

CompTIA certification is a highly valuable and sought-after certification for IT professionals seeking to enhance their knowledge and expertise. CS0-002 exam is specifically designed to validate the skills required to configure and maintain the CompTIA CySA+ platform, which is widely used by businesses around the world. These CS0-002 exam dumps questions are specifically designed to help you prepare for the exam by testing your knowledge and providing you with valuable insights into the types of questions that you will encounter. Test free CompTIA CS0-002 exam questions below.

Page 1 of 12

1. An organization has the following policies:

* Services must run on standard ports.

* Unneeded services must be disabled.

The organization has the following servers:

* 192.168.10.1 - web server

* 192.168.10.2 - database server

A security analyst runs a scan on the servers and sees the following output:

Which of the following actions should the analyst take?

Disable HTTPS on 192.168.10.1.

Disable IIS on 192.168.10.1.

Disable DNS on 192.168.10.2.

Disable MSSQL on 192.168.10.2.

Disable SSH on both servers.

2. While conoXicting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?

Delete Cloud Dev access key 1

Delete BusinessUsr access key 1.

Delete access key 1.

Delete access key 2.

3. A security analyst is trying to track physical locations of threat actors via SIEM log information. However, correlating IP addresses with geolocation is taking a long time, so the analyst asks a security engineer to add geolocation to the SIEM tool.

This is an example of using:

security orchestration, automation, and response.

continuous integration.

data enrichment.

threat feeds.

4. Wncn of the following provides an automated approach 10 checking a system configuration?

SCAP

CI/CD

OVAL

Scripting

SOAR

5. A company's application development has been outsourced to a third-party development team. Based on the SLA. The development team must follow industry best practices for secure coding.

Which of the following is the BEST way to verify this agreement?

Input validation

Security regression testing

Application fuzzing

User acceptance testing

Stress testing

6. During an audit several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products.

Which of the following would be the BEST way to locate this issue?

Reduce the session timeout threshold

Deploy MFA for access to the web server

Implement input validation

Run a static code scan

7. Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance?

Trusted firmware updates provide organizations with development, compilation, remote access, and customization for embedded devices.

Trusted firmware updates provide organizations with security specifications, open-source libraries, and custom toots for embedded devices.

Trusted firmware updates provide organizations with remote code execution, distribution, maintenance, and extended warranties for embedded devices

Trusted firmware updates provide organizations with secure code signing, distribution, installation. and attestation for embedded devices.

8. During routine monitoring a security analyst identified the following enterpnse network traffic:

Packet capture output:

Which of the following BEST describes what the security analyst observed?

66.187.224.210 set up a DNS hijack with 192.168.12.21.

192.168.12.21 made a TCP connection to 66 187 224 210

192.168.12.21 made a TCP connection to 209 132 177 50

209.132.177.50 set up a TCP reset attack to 192 168 12 21

9. An analyst is coordinating with the management team and collecting several terabytes of data to analyze using advanced mathematical techniques in order to find patterns and correlations in events and activities.

Which of the following describes what the analyst is doing?

A. Data visualization

B. SOAR

C. Machine learning

D. SCAP

10. Which of the following SCAP standards provides standardization tor measuring and describing the seventy of security-related software flaws?

OVAL

CVSS

CVE

CCE

Page 2 of 12

11. A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is compatia.org. The testing is successful, and the security technician is prepared to fully implement the solution.

Which of the following actions should the technician take to accomplish this task?

Add TXT @ "v=spfl mx include: _spf.comptia. org -all" to the DNS record.

Add: XT @ "v=spfl mx include: _sp£.comptia.org -all" to the email server.

Add TXT @ "v=spfl mx include: _sp£. comptia.org +all" to the domain controller.

Add TXT @ "v=apfl mx lnclude: _spf .comptia.org +a 11" to the web server.

12. A company's legal and accounting teams have decided it would be more cost-effective to offload the risks of data storage to a third party. The IT management team has decided to implement a cloud model and has asked the security team for recommendations.

Which of the following will allow all data to be kept on the third-party network?

VDI

SaaS

CASB

FaaS

13. A cybersecunty analyst needs to harden a server that is currently being used as a web server The server needs to be accessible when entenng www company com into the browser Additionally web pages require frequent updates which are performed by a remote contractor.

Given the following output:

Which of the following should the cybersecunty analyst recommend to harden the server? (Select TWO).

Uninstall the DNS service

Perform a vulnerability scan

Change the server's IP to a private IP address

Disable the Telnet service

Block port 80 with the host-based firewall

Change the SSH port to a non-standard port

14. A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures.

Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?

Implement a host-file-based solution that will use a list of all domains to deny for all machines on the network.

Create an IDS for the current blocklist to determine which domains are showing activity and may need to be removed

Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity to the blocklist.

Review the current blocklist to determine which domains can be removed from the list and then update the ACLs

15. The security team decides to meet informally to discuss and test the response plan for potential security breaches and emergency situations.

Which of the following types of training will the security team perform?

Tabletop exercise

Red-team attack

System assessment implementation

Blue-team training

White-team engagement

16. Which of the following activities is designed to handle a control failure that leads to a breach?

Risk assessment

Incident management

Root cause analysis

Vulnerability management

17. An analyst determines a security incident has occurred.

Which of the following is the most appropnate NEXT step in an incident response plan?

Consult the malware analysis process

Consult the disaster recovery plan

Consult the data classification process

Consult the communications plan

18. A security analyst is reviewing WAF alerts and sees the following request:

Which of the following BEST describes the attack?

SQL injection

LDAP injection

Command injection

Denial of service

19. A manufacturing company uses a third-party service provider lor Tier 1 security support One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests

Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

Implement a secure supply chain program with governance

Implement blacklisting for IP addresses from outside the country

Implement strong authentication controls for all contractors

Implement user behavior analytics for key staff members

20. Which of the following ICS network protocols has no inherent security functions on TCP port 502?

CIP

DHCP

SSH

Modbus

Page 3 of 12

21. A company uses an FTP server to support its critical business functions.

The FTP server is configured as follows:

• The FTP service is running with (he data duectory configured in /opt/ftp/data.

• The FTP server hosts employees' home aVectories in /home

• Employees may store sensitive information in their home directories

An loC revealed that an FTP director/ traversal attack resulted in sensitive data loss.

Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

Implement file-level encryption of sensitive files

Reconfigure the FTP server to support FTPS

Run the FTP server n a chroot environment

Upgrade the FTP server to the latest version

22. Which of the following is the most effective approach to minimize the occurrence of vulnerabilities introduced by unintentional misconfigurations in the cloud?

Requiring security training certification before granting access to staff

Migrating all resources to a private cloud deployment

Restricting changes to the deployment of validated laC templates

Reducing laaS deployments by fostering serverless architectures

23. A security analyst discovers suspicious activity going to a high-value corporate asset. After reviewing the traffic, the security analyst identifies that malware was successfully installed on a machine.

Which of the following should be completed first?

Create an IDS signature of the malware file.

Create an IPS signature of the malware file.

Remove the malware from the host.

Contact the systems administrator.

24. A routine vulnerability scan detected a known vulnerability in a critical enterprise web application.

Which of the following would be the BEST next step?

Submit a change request to have the system patched

Evaluate the risk and criticality to determine it further action is necessary

Notify a manager of the breach and initiate emergency procedures.

Remove the application from production and Inform the users.

25. An analyst is reviewing registry keys for signs of possible compromise.

The analyst observes the following entries:

Which of the following entries should the analyst investigate first?

IAStorIcon

Quickset

SecurityHeaIth

calc

Word

26. A security analyst is reviewing malware files without running them.

Which of the following analysis types is the security analyst using?

Dynamic

Sandbox

Static

Heuristic

27. An organization discovers motherboards within the environment that appear to have been physically altered during the manufacturing process.

Which of the following is the BEST course of action to mitigate the risk of this reoccurring?

Perform an assessment of the firmware to determine any malicious modifications.

Conduct a trade study to determine if the additional risk constitutes further action.

Coordinate a supply chain assessment to ensure hardware authenticity.

Work with IT to replace the devices with the known-altered motherboards.

28. Which of me following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Select TWO)

Message queuing telemetry transport does not support encryption.

The devices may have weak or known passwords.

The devices may cause a dramatic Increase in wireless network traffic.

The devices may utilize unsecure network protocols.

Multiple devices may interface with the functions of other loT devices.

The devices are not compatible with TLS 12.

29. A company has Detected a large number of tailed login attempts on its network A security analyst is investigating the network's activity logs to establish a pattern of behavior.

Which of the following techniques should the analyst use to analyze the increase in failed login attempts?

Evidence visualization

Pattern matching

Event correlation

Network sniffing

30. The following output is from a tcpdump al the edge of the corporate network:

Which of the following best describes the potential security concern?

Payload lengths may be used to overflow buffers enabling code execution.

Encapsulated traffic may evade security monitoring and defenses

This traffic exhibits a reconnaissance technique to create network footprints.

The content of the traffic payload may permit VLAN hopping.

Page 4 of 12

31. A new prototype for a company's flagship product was leaked on the internet As a result, the management team has locked out all USB drives Optical drive writers are not present on company computers The sales team has been granted an exception to share sales presentation files with third parties.

Which of the following would allow the IT team to determine which devices are USB enabled?

Asset tagging

Device encryption

Data loss prevention

SIEMIogs

32. A security analyst is investigate an no client related to an alert from the threat detection platform on a host (10.0 1.25) in a staging environment that could be running a cryptomining tool because it in sending traffic to an IP address that are related to Bitcoin.

The network rules for the instance are the following:

Which of the following is the BEST way to isolate and triage the host?

Remove rules 1.2. and 3.

Remove rules 1.2. 4. and 5.

Remove rules 1.2. 3.4. and 5.

Remove rules 1.2. and 5.

Remove rules 1.4. and 5.

Remove rules 4 and 5

33. Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

Logging and monitoring are not needed in a public cloud environment

Logging and monitoring are done by the data owners

Logging and monitoring duties are specified in the SLA and contract

Logging and monitoring are done by the service provider

34. A security analyst discovers suspicious host activity while performing monitoring activities.

The analyst pulls a packet capture for the activity and sees the following:

Which of the following describes what has occurred?

The host attempted to download an application from utoftor.com.

The host downloaded an application from utoftor.com.

The host attempted to make a secure connection to utoftor.com.

The host rejected the connection from utoftor.com.

35. A development team recently released a new version of a public-facing website for testing prior to production. The development team is soliciting the help of various teams to validate the functionality of the website due to its high visibility.

Which of the following activities best describes the process the development team is initiating?

Static analysis

Stress testing

Code review

User acceptance testing

36. HOTSPOT

The developers recently deployed new code to three web servers. A daffy automated external device scan report shows server vulnerabilities that are failure items according to PCI DSS.

If the venerability is not valid, the analyst must take the proper steps to get the scan clean.

If the venerability is valid, the analyst must remediate the finding.

After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.

INTRUCTIONS:

The simulation includes 2 steps.

Step1: Review the information provided in the network diagram and then move to the STEP 2 tab.

STEP 2: Given the Scenario, determine which remediation action is required to address the vulnerability.

37. During the security assessment of a new application, a tester attempts to log in to the application but receives the following message incorrect password for given username.

Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

Set the web page to redirect to an application support page when a bad password is entered.

Disable error messaging for authentication

Recognize that error messaging does not provide confirmation of the correct element of authentication

Avoid using password-based authentication for the application

38. Which of the following best explains why it is important for companies to implement both privacy and security policies?

Private data is insecure by design, so different programs ensure both policies are addressed.

Security policies will automatically ensure the data complies with privacy regulations.

Privacy policies will satisfy all regulations to secure consumer and sensitive company data.

Both policies have some overlap, but the differences can have regulatory consequences.

39. An organization wants to consolidate a number of security technologies throughout the organization and standardize a workflow for identifying security issues prioritizing the severity and automating a response.

Which of the following would best meet the organization's needs?

MaaS

SIEM

SOAR

CI/CD

40. A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment.

Which of the following would be the BEST method to protect the company's data?

Implement UEM on an systems and deploy security software.

Implement DLP on all workstations and block company data from being sent outside the company

Implement a CASB and prevent certain types of data from being downloaded to a workstation

Implement centralized monitoring and logging for an company systems.

Page 5 of 12

41. Which of the following is the BEST option to protect a web application against CSRF attacks?

Update the web application to the latest version.

Set a server-side rate limit for CSRF token generation.

Avoid the transmission of CSRF tokens using cookies.

Configure the web application to only use HTTPS and TLS 1.3.

42. A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:

Which of the following is the MOST likely solution to the listed vulnerability?

Enable the browser's XSS filter.

Enable Windows XSS protection

Enable the browser's protected pages mode

Enable server-side XSS protection

43. A Chief Information Security Officer has requested a security measure be put in place to redirect certain traffic on the network.

Which of the following would best resolve this issue?

Sinkholing

Blocklisting

Geoblocking

Sandboxing

44. A current, validated DLP solution Is now in place because of a previous data breach However, a new data breach has taken place

The following symptoms were observed shorty after a recent sales meeting:

* Sensitive corporate documents appeared on the dark web.

* Unusually large packets of data were being sent out.

Which of the following is most likely occurring?

Documents are not tagged properly to restrict sharing.

An insider threat is exfiltration data.

The DLP solution is not configured for unsecured web traffic

File audits are not enabled on CAS

45. Which of the following data exfiltration discoveries would most likely require communicating a breach to regulatory agencies?

CRM data

PHI files

SIEM logs

UEBA metrics

46. A security analyst is deploying a new application in the environment. The application needs to be integrated with several existing applications that contain SPI Pnor to the deployment, the analyst should conduct:

a tabletop exercise

a business impact analysis

a PCI assessment

an application stress test.

47. During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity The analyst also notes there is no other alert in place for this traffic.

After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

Share details of the security incident with the organization's human resources management team

Note the security incident so other analysts are aware the traffic is malicious

Communicate the security incident to the threat team for further review and analysis

Report the security incident to a manager for inclusion in the daily report

48. A security analyst needs to provide the development learn with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to servers in all three tiers in order to perform various configuration tasks.

Which of the following technologies should the analyst implement to provide secure transport?

CASB

VPC

Federation

VPN

49. A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor.

Which of the following BEST describes the risk treatment in this scenario?

The extended support mitigates any risk associated with the software.

The extended support contract changes this vulnerability finding to a false positive.

The company is transferring the risk for the vulnerability to the software vendor.

The company is accepting the inherent risk of the vulnerability.

50. A threat feed disclosed a list of files to be used as an loC for a zero-day vulnerability.

A cybersecurity analyst decided to include a custom lookup for these files on the endpoint's log-in script as a mechanism to:

automate malware signature creation.

close the threat intelligence cycle loop.

generate a STIX object for the TAXII server

improve existing detection capabilities.

Page 6 of 12

51. An analyst is reviewing email headers to determine if an email has been sent from a legitimate sender. The organization uses SPF to validate email origination.

Which of the following most likely indicates an invalid originator?

Received-SPF: neutral

Received-SPF: none

Received-SPF softfail

Received-SPF: error

52. The help desk is having difficulty keeping up with all onboarding and offboarding requests. Managers often submit, requests for new users at the last minute. causing the help desk to scramble to create accounts across many different Interconnected systems.

Which of the following solutions would work BEST to assist the help desk with the onboarding and offboarding process while protecting the company's assets?

MFA

CASB

SSO

RBAC

53. While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certAcate authority that is only used to sign intermediate certificates.

Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Select TWO)

On a private VLAN

Full disk encrypted

Powered off

Backed up hourly

VPN accessible only

Air gapped

54. White reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with po mcai propaganda.

Which of the following BEST Describes this type of actor?

Hacktivist

Nation-state

insider threat

Organized crime

55. A security analyst is reviewing the following Internet usage trend report:

Which of the following usernames should the security analyst investigate further?

User1

User 2

User 3

User 4

56. An organization has the following vulnerability remediation policies:

• For production environment servers:

• Vulnerabilities with a CVSS score of 9.0 or greater must be remediated within 48 hours.

• Vulnerabilities with a CVSS score of 5.0 to 8.9 must be remediated within 96 hours.

• Vulnerabilities in lower environments may be left unremediated for up to two weeks.

* All vulnerability remediations must be validated in a testing environment before they are applied in the production environment.

The organization has two environments: production and testing. The accounting Prod server is the only server that contains highly sensitive information.

A recent vulnerability scan provided the following report:

Which of the following identifies the server that should be patched first? (Choose Two)

timecardProd

timecardTesl

expense Prod

expenseTest

accountingProd

accountingTest

stagingTest

57. Which of the following is an advantage of SOAR over SIEM?

SOAR is much less expensive.

SOAR reduces the amount of human intervention required.

SOAR can aggregate data from many sources.

SOAR uses more robust encryption protocols.

58. Which of following allows Secure Boot to be enabled?

eFuse

UEFI

MSM

PAM

59. Which of the following can detect vulnerable third-parly libraries before code deployment?

Impact analysis

Dynamic analysis

Static analysis

Protocol analysis

60. The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or downloaded by employees.

The CISO also wants to track the data assets by name, type, content, or data profile.

Which of the following BEST describes what the CIS wants to purchase?

Asset tagging

SIEM

File integrity monitor

DLP

Page 7 of 12

61. A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised.

Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?

Deploy an edge firewall.

Implement DLP

Deploy ED

Encrypt the hard drives

62. A security is reviewing a vulnerability scan report and notes the following finding:

As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

Patch or reimage the device to complete the recovery

Restart the antiviruses running processes

Isolate the host from the network to prevent exposure

Confirm the workstation's signatures against the most current signatures.

63. An organization is concerned about the proper handling of data and wants to implement measures to help safeguard customer data and the organization's proprietary information from exposure.

Which of the following is the first step to improve awareness of overall privacy and protection?

Perform user acceptance testing.

Implement corporate policies.

Conduct biannual training.

Review data classification processes.

64. A security analyst is investigating an active threat of the system memory. While narrowing down the source of the threat, the analyst is inspecting all processes to isolate suspicious activity.

Which of the following techniques is the analyst using?

Live forensics

Logical acquisition

Timeline analysis

Static acquisition

65. A development team has asked users to conduct testing to ensure an application meets the needs of the business.

Which of the fallowing types of testing docs This describe?

Acceptance testing

Stress testing

Regression testing

Penetration testing

66. A security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment.

Which of the following is the BEST recommendation?

Require users to sign NDAs

Create a data minimization plan.

Add access control requirements.

Implement a data loss prevention solution.

67. A security analyst observes a large amount of scanning activity coming from an IP address outside the organization's environment.

Which of the following should the analyst do to block this activity?

Create an IPS rule to block the subnet.

Sinkhole the IP address.

Create a firewall rule to block the IP address.

Close all unnecessary open ports.

68. A forensic analyst is conducting an investigation on a compromised server.

Which of the following should the analyst do first to preserve evidence''

Restore damaged data from the backup media

Create a system timeline

Monitor user access to compromised systems

Back up all log files and audit trails

69. An analyst is reviewing the following output as part of an incident:

Which of the Wowing is MOST likely happening?

The hosts are part of a reflective denial -of -service attack.

Information is leaking from the memory of host 10.20 30.40

Sensitive data is being exfilltrated by host 192.168.1.10.

Host 291.168.1.10 is performing firewall port knocking.

70. While reviewing a vulnerability assessment, an analyst notices the following issue is identified in the report:

this finding, which of the following would be most appropriate for the analyst to recommend to the network engineer?

Reconfigure the device to support only connections leveraging TLSv1.2.

Obtain a new self-signed certificate and select AES as the hashing algorithm.

Replace the existing certificate with a certificate that uses only MD5 for signing.

Use only signed certificates with cryptographically secure certificate sources.

Page 8 of 12

71. An employee contacts the SOC to report a high-severity bug that was identified in a new, internally developed web application, which went live in production last week. The SOC staff did not receive contact details or escalation procedures to follow.

Which of the following stages of the SDLC process was overlooked?

Input validation

Planning

Implementation and integration

Operations and maintenance

72. Which of the following types of controls defines placing an ACL on a file folder?

Technical control

Confidentiality control

Managerial control

Operational control

73. An organization wants to collect loCs from multiple geographic regions so it can sell the information to its customers.

Which of the following should the organization deploy to accomplish this task?

A honeypot

A bastion host

A proxy server

A Jumpbox

74. An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions. the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis.

The organization has the following reporting priorities when reviewing system activity:

• Successful administrator login reporting priority - high

• Failed administrator login reporting priority - medium

• Failed temporary elevated permissions - low

• Successful temporary elevated permissions - non-reportable

A security analyst is reviewing server syslogs and sees the following:

Which of the following events is the HIGHEST reporting priority?

Option A

Option B

Option C

Option D

75. Which of the following BEST explains the function of a managerial control?

To help design and implement the security planning, program development, and maintenance of the security life cycle

To guide the development of training, education, security awareness programs, and system maintenance

To create data classification, risk assessments, security control reviews, and contingency planning

To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

76. An email analysis system notifies a security analyst that the following message was quarantined and requires further review.

Which of the following actions should the security analyst take?

Release the email for delivery due to its importance.

Immediately contact a purchasing agent to expedite.

Delete the email and block the sender.

Purchase the gift cards and submit an expense report.

77. A security analyst at exampte.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:

Winch of the following actions should the security analyst lake NEXT?

Review the known Apache vulnerabilities to determine if a compromise actually occurred

Contact the application owner for connect example local tor additional information

Mark the alert as a false positive scan coming from an approved source.

Raise a request to the firewall team to block 203.0.113.15.

78. A company is setting up a small, remote office to support five to ten employees. The company's home office is in a different city, where the company uses a cloud service provider for its business applications and a local server to host its data.

To provide shared access from the remote office to the local server and the business applications, which of the following would be the easiest and most secure solution?

Use a VPC to host the company's data and keep the current solution for the business applications.

Use a new server for the remote office to host the data and keep the current solution for the business applications.

Use a VDI for the home office and keep the current solution for the business applications.

Use a VPN to access the company's data in the home office and keep the current solution for the business applications.

79. An internally developed file-monitoring system identified the following except as causing a program to crash often:

Which of the following should a security analyst recommend to fix the issue?

Open the access.log file ri read/write mode.

Replace the strcpv function.

Perform input samtizaton

Increase the size of the file data buffer

80. During an Incident, it Is determined that a customer database containing email addresses, first names, and last names was exfiltrated.

Which of the following should the security analyst do NEXT?

Consult with the legal department for regulatory impact.

Encrypt the database with available tools.

Email the customers to inform them of the breach.

Follow the incident communications process.

Page 9 of 12

81. An analyst received an alert regarding an application spawning a suspicious command shell process.

Upon further investigation, the analyst observes the following registry change occurring immediately after the suspicious event:

Which of the following was the suspicious event able to accomplish?

Impair defenses.

Establish persistence.

Bypass file access controls.

Implement beaconing.

82. A security analyst notices the following proxy log entries:

Which of the following is the user attempting to do based on the log entries?

Use a DoS attack on external hosts.

Exfiltrate data.

Scan the network.

Relay email.

83. A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also see that deployed, up-to-date antivirus signatures are ineffective.

Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

IDS signatures

Data loss prevention

Port security

Sinkholing

84. Which of the following incident response components can identify who is the llaison between multiple lines of business and the pubic?

Red-team analysis

Escalation process and procedures

Triage and analysis

Communications plan

85. During the onboarding process for a new vendor, a security analyst obtains a copy of the vendor's latest penetration test summary:

Performed by: Vendor Red Team Last performed: 14 days ago

Which of the following recommendations should the analyst make first?

Perform a more recent penetration test.

Continue vendor onboarding.

Disclose details regarding the findings.

Have a neutral third party perform a penetration test.

86. According to a static analysis report for a web application, a dynamic code evaluation script injection vulnerability was found.

Which of the following actions is the BEST option to fix the vulnerability in the source code?

Delete the vulnerable section of the code immediately.

Create a custom rule on the web application firewall.

Validate user input before execution and interpretation.

Use parameterized queries.

87. HOTSPOT

A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

Instructions:

Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

The Linux Web Server, File-Print Server and Directory Server are draggable.

If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

88. Which of the following are considered PII by themselves? (Select TWO).

Government ID

Job title

Employment start date

Birth certificate

Employer address

Mother's maiden name

89. A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines.

Which of the following can be executed by internal managers to simulate and validate the proposed changes?

Internal management review

Control assessment

Tabletop exercise

Peer review

90. During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine.

Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?

Generate hashes for each file from the hard drive.

Create a chain of custody document.

Determine a timeline of events using correct time synchronization.

Keep the cloned hard drive in a safe place.

Page 10 of 12

91. A technician working at company.com received the following email:

After looking at the above communication, which of the following should the technician recommend to the security team to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets?

Forwarding of corporate email should be disallowed by the company.

A VPN should be used to allow technicians to troubleshoot computer issues securely.

An email banner should be implemented to identify emails coming from external sources.

A rule should be placed on the DLP to flag employee IDs and serial numbers.

92. When investigating a compromised system, a security analyst finds the following script in the /tmp directory:

Which of the following attacks is this script attempting, and how can it be mitigated?

This is a password-hijacking attack, and it can be mitigated by using strong encryption protocols.

This is a password-spraying attack, and it can be mitigated by using multifactor authentication.

This is a password-dictionary attack, and it can be mitigated by forcing password changes every 30 days.

This is a credential-stuffing attack, and it can be mitigated by using multistep authentication.

93. A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence.

Which of the following types of media are most volatile and should be preserved? (Select two).

Memory cache

Registry file

SSD storage

Temporary filesystems

Packet decoding

Swap volume

94. Which of the following BEST identifies the appropriate use of threat intelligence as a function of detection and response?

To identify weaknesses in an organization's security posture

To identify likely attack scenarios within an organization

To build a business security plan for an organization

To build a network segmentation strategy

95. A security administrator needs to provide access from partners to an Isolated laboratory network inside an organization that meets the following requirements:

• The partners' PCs must not connect directly to the laboratory network.

• The tools the partners need to access while on the laboratory network must be available to all partners

• The partners must be able to run analyses on the laboratory network, which may take hours to complete

Which of the following capabilities will MOST likely meet the security objectives of the request?

Deployment of a jump box to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis

Deployment of a firewall to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools tor analysis

Deployment of a firewall to allow access to the laboratory network and use of VDI In persistent mode to provide the necessary tools for analysis

Deployment of a jump box to allow access to the Laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis

96. A security analyst needs to automate the incident response process for malware infections.

When the following logs are generated, an alert email should automatically be sent within 30 minutes:

Which of the following is the best way for the analyst to automate alert generation?

Deploy a signature-based IDS

Install a UEBA-capable antivirus

Implement email protection with SPF

Create a custom rule on a SIEM

97. An organization is developing software to match customers' expectations.

Before the software goes into production, it must meet the following quality assurance guidelines

• Uncover all the software vulnerabilities.

• Safeguard the interest of the software's end users.

• Reduce the likelihood that a defective program will enter production.

• Preserve the Interests of me software producer

Which of me following should be performed FIRST?

Run source code against the latest OWASP vulnerabilities.

Document the life-cycle changes that look place.

Ensure verification and vacation took place during each phase.

Store the source code in a s oftware escrow.

Conduct a static analysis of the code.

98. A company's Chief Information Officer wants to use a CASB solution to ensure policies are being met during cloud access. Due to the nature of the company's business and risk appetite, the management team elected to not store financial information in the cloud. A security analyst needs to recommend a solution to mitigate the threat of financial data leakage into the cloud.

Which of the following should the analyst recommend?

Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on premises.

Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion.

Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the cloud.

Do not utilize the CASB solution for this purpose, but add DLP on premises for data at rest.

99. A company is building a new internal network. Instead of creating new credentials, the company wants to streamline each employee's authentication.

Which of the following technologies would best fulfill this requirement?

VPN

SSO

SAML

MFA

100. An information security analyst is compiling data from a recent penetration test and reviews the following output:

The analyst wants to obtain more information about the web-based services that are running on the target.

Which of the following commands would most likely provide the needed information?

ping -t 10.79.95.173,rdns.datacenter.com

telnet 10.79.95.17.17 443

ftpd 10.79.95.173.rdns.datacenters.com 443

tracert 10.79,,95,173

Page 11 of 12

101. A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to 90 offline.

Which of the following solutions would work BEST prevent to this from happening again?

Change management

Application whitelisting

Asset management

Privilege management

102. An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network.

Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).

Resetting the phone to factory settings

Rebooting the phone and installing the latest security updates

Documenting the respective chain of custody

Uninstalling any potentially unwanted programs

Performing a memory dump of the mobile device for analysis

Unlocking the device by browsing the eFuse

103. A company is required to monitor for unauthorized changes to baselines on all assets to comply with industry regulations. Two of the remote units did not recover after scans were performed on the assets. An analyst needs to recommend a solution to prevent recurrence.

Which of the following is the best way to satisfy the regulatory requirement without impacting the availability to similar assets and creating an unsustainable process?

A. Manually review the baselines daily and document the results in a change history log

B. Document exceptions with compensating controls to demonstrate the risk mitigation efforts.

C. Implement a new scanning technology to satisfy the monitoring requirement and train the team.

D. Purchase new remote units from other vendors with a proven ability to support scanning requirements.

104. During a review of the vulnerability scan results on a server, an information security analyst notices the following:

The MOST appropriate action for the analyst to recommend to developers is to change the web server so:

It only accepts TLSvl 2

It only accepts cipher suites using AES and SHA

It no longer accepts the vulnerable cipher suites

SSL/TLS is offloaded to a WAF and load balancer

105. A security analyst performs a weekly vulnerability scan on a network that has 240 devices and receives a report with 2.450 pages.

Which of the following would most likely decrease the number of false positives?

Manual validation

Penetration testing

A known-environment assessment

Credentialed scanning

106. Which of the following is the best method to review and assess the security of the cloud service models used by a company on multiple CSPs?

Unifying and migrating all services in a single CSP

Executing an API hardening process on the CSPs' endpoints

Integrating the security benchmarks of the CSPs with a CASB

Deploying cloud instances using Nikto and OpenVAS

107. A security analyst is concerned about sensitive data living on company file servers following a zero-day attack that nearly resulted in a breach of millions of customer records. The after action report indicates a lack of controls around the file servers that contain sensitive data.

Which of the following DLP considerations would best help the analyst to classify and address the sensitive data on the file servers?

Implement a CASB device and connect the SaaS applications.

Deploy network DLP appliances pointed to all file servers.

Use data-at-rest scans to locate and identify sensitive data.

Install endpoint DLP agents on all computing resources.

108. During a routine security review, anomalous traffic from 9.9.9.9 was observed accessing a web server in the corporate perimeter network. The server is mission critical and must remain accessible around the world to serve web content. The Chief Information Security Officer has directed that improper traffic must be restricted.

The following output is from the web server:

Which of the following is the best method to accomplish this task?

Adjusting the IDS to block anomalous activity

Implementing port security

Adding 9.9.9.9 to the blocklist

Adjusting the firewall

109. A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow;

Which of the following controls must be in place to prevent this vulnerability?

Convert all integer numbers in strings to handle the memory buffer correctly.

Implement float numbers instead of integers to prevent integer overflows.

Use built-in functions from libraries to check and handle long numbers properly.

Sanitize user inputs, avoiding small numbers that cannot be handled in the memory.

110. An intrusion detection analyst reported an inbound connection originating from an unknown IP address recorded on the VPN server for multiple internal hosts. During an investigation, a security analyst determines there were no identifiers associated with the hosts.

Which of the following should the security analyst enforce to obtain the best information?

Update the organization's IP table.

Enable user access logging.

Shut down all VPN connections.

Create rules for the Active Directory.

Page 12 of 12

111. During a risk assessment, a senior manager inquires about what the cost would be if a unique occurrence would impact the availability of a critical service. The service generates $1 ,000 in revenue for the organization. The impact of the attack would affect 20% of the server's capacity to perform jobs. The organization expects that five out of twenty attacks would succeed during the year.

Which of the following is the calculated single loss expectancy?

$200

$800

$5,000

$20,000

112. An organization's Cruel Information Security Officer is concerned the proper control are not in place to identify a malicious insider.

Which of the following techniques would be BEST to identify employees who attempt to steal data or do harm to the organization?

Place a text file named Passwords txt on the local file server and create a SIEM alert when the file is accessed

Segment the network so workstations are segregated from servers and implement detailed logging on the jumpbox

Perform a review of all users with privileged access and monitor web activity logs from the organization's proxy

Analyze logs to determine if a user is consuming large amounts of bandwidth at odd hours ol the day

TAGS:

CS0-002, CS0-002 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Posts

CompTIA Free Dumps

Get CS0-002 Dumps Full Version

Q&As: 372
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

2023 CompTIA CS0-002 Exam Dumps Questions

Related

Posts

Online XK0-005 Exam Dumps Help You Build Confidence

SY0-701 Dumps Questions – Effective Way to Get Certified

DS0-001 Dumps Questions Increase Your Chance of Success

Get Certified Easily with Online DA0-001 Dumps

About Us

EMAIL

Services

Opening Hours