CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 141:

    The development team has created a new employee application to allow the 35,000 staff members to communicate via video, chat rooms, and microblogs from anywhere in the world. The application was tested by a small user group, and the code reviews were completed. Which of the following is the best NEXT step the development team should take?

    A. Run the application through a web-application vulnerability scanner.
    B. Complete an additional round of code reviews to maintain project integrity.
    C. Stress test the application to ensure its ability to support the employee population.
    D. Isolate the application servers on premises to protect the communication methods.

  • Question 142:

    A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures. Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?

    A. Implement a host-file-based solution that will use a list of all domains to deny for all machines on the network.
    B. Create an IDS for the current blocklist to determine which domains are showing activity and may need to be removed.
    C. Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity to the blocklist and remove the lower-severity threats from it.
    D. Review the current blocklist to determine which domains can be removed from the list and then update the ACLs and IPS signatures.

  • Question 143:

    A company's change management team has asked a security analyst to review a potential change to the email server before it is released into production. The analyst reviews the following change request:

    Change request date: 2020-01-30
    Change requester: Cindy Richardson
    Change asset: WIN2K-EMAIL001
    Change requested: Modify the following SPF record to change +all to -all

    Which of the following is the MOST likely reason for the change?

    A. To reject email from servers that are not listed in the SPF record
    B. To reject email from email addresses that are not digitally signed.
    C. To accept email to the company's domain.
    D. To reject email from users who are not authenticated to the network.

  • Question 144:

    Which of the following would best protect sensitive data if a device is stolen?

    A. Remote wipe of drive
    B. Self-encrypting drive
    C. Password-protected hard drive
    D. Bus encryption

  • Question 145:

    A new policy requires the security team to perform web application and OS vulnerability scans. All of the company's web applications use federated authentication and are accessible via a central portal. Which of the following should be implemented to ensure a more thorough scan of the company's web application, while at the same time reducing false positives?

    A. The vulnerability scanner should be configured to perform authenticated scans.
    B. The vulnerability scanner should be installed on the web server.
    C. The vulnerability scanner should implement OS and network service detection.
    D. The vulnerability scanner should scan for known and unknown vulnerabilities.

  • Question 146:

    An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?

    A. Pause the virtual machine.
    B. Shut down the virtual machine.
    C. Take a snapshot of the virtual machine.
    D. Remove the NIC from the virtual machine.
    E. Review host hypervisor log of the virtual machine.
    F. Execute a migration of the virtual machine.

  • Question 147:

    Which of the following sources would a security analyst rely on to provide relevant and timely threat information concerning the financial services industry?

    A. Real-time and automated firewall rules subscriptions
    B. Open-source intelligence, such as social media and blogs
    C. Information sharing and analysis membership
    D. Common vulnerability and exposure bulletins

  • Question 148:

    A large company would like a security analyst to recommend a solution that will allow only company laptops to connect to the corporate network. Which of the following technologies should the analyst recommend?

    A. UEBA
    B. DLP
    C. NAC
    D. EDR

  • Question 149:

    During an incident, an analyst works closely with specific team members. Which of the following best explains why communication is limited to specific team members?

    A. To determine when information can be released
    B. To provide rules and regulations on reporting requirements
    C. To prevent an inadvertent release of information
    D. To determine who can participate

  • Question 150:

    An employee was conducting research on the Internet when a message from cyber criminals appeared on the screen, stating the hard drive was just encrypted by a ransomware variant. An analyst observes the following:

    1. Antivirus signatures were updated recently
    2. The desktop background was changed
    3. Web proxy logs show browsing to various information security sites and ad network traffic
    4. There is a high volume of hard disk activity on the file server
    5. SMTP server shows the employee recently received several emails from blocked senders
    6. The company recently switched web hosting providers
    7. There are several IPS alerts for external port scans

    Which of the following describes how the employee got this type of ransomware?

    A. The employee fell victim to a CSRF attack
    B. The employee was using another user's credentials
    C. The employee opened an email attachment
    D. The employee updated antivirus signatures
