CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 151:

    An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).

    A. Drive adapters
    B. Chain of custody form
    C. Write blockers
    D. Crime tape
    E. Hashing utilities
    F. Drive imager

  • Question 152:

    A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wire transfer. Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

    A. Implementing a sandboxing solution for viewing emails and attachments
    B. Limiting email from the finance department to recipients on a pre-approved whitelist
    C. Configuring email client settings to display all messages in plaintext when read
    D. Adding a banner to incoming messages that identifies the messages as external

  • Question 153:

    A security analyst found the following entry in a server log:

    The analyst executed netstat and received the following output:

    Which of the following lines in the output confirms this was successfully executed by the server?

    A. 1
    B. 2
    C. 3
    D. 4
    E. 5
    F. 6
    G. 7

  • Question 154:

    Which of the following are the MOST likely reasons to include reporting processes when updating an incident response plan after a breach? (Select TWO).

    A. To establish a clear chain of command
    B. To meet regulatory requirements for timely reporting
    C. To limit reputation damage caused by the breach
    D. To remediate vulnerabilities that led to the breach
    E. To isolate potential insider threats
    F. To provide secure network design changes

  • Question 155:

    A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities:

    APT X's approach to a target would be sending a phishing email to the target after conducting active and passive reconnaissance. Upon successful compromise, APT X conducts internal reconnaissance and attempts to move laterally by utilizing existing resources. When APT X finds data that aligns to its objectives, it stages and then exfiltrates data sets in sizes that can range from 1GB to 5GB. APT X also establishes several backdoors to maintain a C2 presence in the environment.

    In which of the following phases is this APT MOST likely to leave discoverable artifacts?

    A. Data collection/exfiltration
    B. Defensive evasion
    C. Lateral movement
    D. Reconnaissance

  • Question 156:

    Due to a security breach initiated from South America, the Chief Security Officer (CSO) instructed a team to design and implement an appropriate security control to prevent such an attack from reoccurring. The company has sales and consulting teams across the United States that need access to company resources. The security manager implemented a location-based authentication to prevent non-US-based access to the company networks. Three months later, the same incident reoccurred with an attack originating from a country in Asia. Which of the following security design defects could be the cause?

    A. The team did not account for the VPN access and did not ensure non-repudiation
    B. The company just replaced a firewall that had a DDoS vulnerability
    C. The sales and supports are reusing the same passwords for their personal accounts, such as banking and email
    D. The hackers left a backdoor within the company networks that was not cleaned successfully

  • Question 157:

    A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests.

    Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

    A. Implement a secure supply chain program with governance
    B. Implement blacklisting for IP addresses from outside the country
    C. Implement strong authentication controls for all contractors
    D. Implement user behavior analytics for key staff members

  • Question 158:

    When network administrators observe an increased amount of web traffic without an increased number of financial transactions, the company is MOST likely experiencing which of the following attacks?

    A. Bluejacking
    B. ARP cache poisoning
    C. Phishing
    D. DoS

  • Question 159:

    Which of the following organizations would have to remediate embedded controller vulnerabilities?

    A. Banking institutions
    B. Public universities
    C. Regulatory agencies
    D. Hydroelectric facilities

  • Question 160:

    An organization wants to implement a privileged access management solution to better manage the use of emergency and privileged service accounts.

    Which of the following would BEST satisfy the organization's goal?

    A. Access control lists
    B. Discretionary access controls
    C. Policy-based access controls
    D. Credential vaulting
