Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA CySA+
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Apr 15, 2024

CompTIA CySA+ CS0-002 Questions & Answers

  • Question 91:

    A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week. Which of the following will enable the analyst to obtain the BEST results?

    A. tcpdump -n -r internet.pcap host

    B. strings internet.pcap | grep

    C. grep -a internet.pcap

    D. npcapd internet.pcap | grep

  • Question 92:

    Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?

    A. Encryption

    B. Data loss prevention

    C. Data masking

    D. Digital rights management

    E. Access control

  • Question 93:

    A security analyst has discovered malware is spreading across multiple critical systems and is originating from a single workstation, which belongs to a member of the cyber-infrastructure team who has legitimate administrator credentials. An analysis of the traffic indicates the workstation swept the network looking for vulnerable hosts to infect. Which of the following would have worked BEST to prevent the spread of this infection?

    A. Vulnerability scans of the network and proper patching.

    B. A properly configured and updated EDR solution.

    C. A honeypot used to catalog the anomalous behavior and update the IPS.

    D. Logical network segmentation and the use of jump boxes.

  • Question 94:

    A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. They have asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the BEST way to achieve this goal?

    A. Focus on incidents that have a high chance of reputation harm.

    B. Focus on common attack vectors first.

    C. Focus on incidents that affect critical systems.

    D. Focus on incidents that may require law enforcement support.

  • Question 95:

    Which of the following is a best practice when sending a file/data to another individual in an organization?

    A. When encrypting, split the file, and then compress each file.

    B. Encrypt and then compress the file.

    C. Encrypt the file but do not compress it.

    D. Compress and then encrypt the file.

  • Question 96:

    While reviewing network security events within a company, a security engineer notices a number of machines:

    1. Do not have minimum security requirements, such as AV updates

    2. Have different configurations that deviate from the corporate standard

    3. Are missing several critical security patches

    Which of the following is the BEST solution to ensure machines that are introduced to the company's network meet the above security requirements?

    A. Port security

    B. Network access control

    C. MAC filtering

    D. Access control list

  • Question 97:

    The management team assigned the following values to an inadvertent breach of privacy regulations during the original risk assessment:

    1. Probability = 25%

    2. Magnitude = $1,015 per record

    3. Total records = 10,000

    Two breaches occurred during the fiscal year. The first compromised 35 records, and the second compromised 65 records. Which of the following is the value of the records that were compromised?

    A. $10,150

    B. $25,375

    C. $101,500

    D. $2,537,500

  • Question 98:

    An analyst has received a notification about potential malicious activity against a web server. The analyst logs in to a central log collection server and runs the following command: cat access.log.1 | grep "union". The output shown below appears:

    <68.71.54.117> - - [31/Jan/2020:10:02:31 -400] "Get /cgi-bin/backend1.sh?id=%20union%20select%20192.168.60.50 HTTP/1.1"

    Which of the following attacks has occurred on the server?

    A. Cross-site request forgery

    B. SQL injection

    C. Cross-site scripting

    D. Directory traversal

  • Question 99:

    A company's change management team has asked a security analyst to review a potential change to the email server before it is released into production. The analyst reviews the following change request:

    Change request date: 2020-01-30
    Change requester: Cindy Richardson
    Change asset: WIN2K-EMAIL001
    Change requested: Modify the following SPF record to change +all to -all

    Which of the following is the MOST likely reason for the change?

    A. To reject email from servers that are not listed in the SPF record

    B. To reject email from email addresses that are not digitally signed.

    C. To accept email to the company's domain.

    D. To reject email from users who are not authenticated to the network.

  • Question 100:

    A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?

    A. Static analysis

    B. Dynamic analysis

    C. Regression testing

    D. User acceptance testing
