CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 161:

    Given the Nmap request below:

    Which of the following actions will an attacker be able to initiate directly against this host?

    A. Password sniffing
    B. ARP spoofing
    C. A brute-force attack
    D. An SQL injection

  • Question 162:

    Malicious users utilized brute force to access a system. An analyst is investigating these attacks and recommends methods to management that would help secure the system. Which of the following controls should the analyst recommend? (Choose three.)

    A. Multifactor authentication
    B. Network segmentation
    C. Single sign-on
    D. Encryption
    E. Complexity policy
    F. Biometrics
    G. Obfuscation

  • Question 163:

    During an investigation, an analyst discovers the following rule in an executive's email client:

    IF * TO THEN mailto: SELECT FROM `sent' THEN DELETE FROM

    The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

    A. Check the server logs to evaluate which emails were sent to
    B. Use the SIEM to correlate logging events from the email server and the domain server
    C. Remove the rule from the email client and change the password
    D. Recommend that management implement SPF and DKIM

  • Question 164:

    Which of the following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Select TWO)

    A. Message queuing telemetry transport does not support encryption.
    B. The devices may have weak or known passwords.
    C. The devices may cause a dramatic increase in wireless network traffic.
    D. The devices may utilize unsecure network protocols.
    E. Multiple devices may interface with the functions of other IoT devices.
    F. The devices are not compatible with TLS 1.2.

  • Question 165:

    A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.

    Which of the following BEST describes the security analyst's goal?

    A. To create a system baseline
    B. To reduce the attack surface
    C. To optimize system performance
    D. To improve malware detection

  • Question 166:

    A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?

    A. Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.
    B. Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
    C. Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
    D. Make sure the scan is credentialed, uses a ironed plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.

  • Question 167:

    A security engineer must deploy X.509 certificates to two web servers behind a load balancer. Each web server is configured identically. Which of the following should be done to ensure certificate name mismatch errors do not occur?

    A. Create two certificates, each with the same fully qualified domain name, and associate each with the web servers' real IP addresses on the load balancer.
    B. Create one certificate on the load balancer and associate the site with the web servers' real IP addresses.
    C. Create two certificates, each with the same fully qualified domain name, and associate each with a corresponding web server behind the load balancer.
    D. Create one certificate and export it to each web server behind the load balancer.

  • Question 168:

    A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability scan:

    Which of the following is MOST likely a false positive?

    A. ICMP timestamp request remote date disclosure
    B. Windows SMB service enumeration via \srvsvc
    C. Anonymous FTP enabled
    D. Unsupported web server detection

  • Question 169:

    A development team recently released a new version of a public-facing website for testing prior to production. The development team is soliciting the help of various teams to validate the functionality of the website due to its high visibility. Which of the following activities best describes the process the development team is initiating?

    A. Static analysis
    B. Stress testing
    C. Code review
    D. User acceptance testing

  • Question 170:

    Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having plenty of space recently. Ann claims she has not downloaded anything. The security team obtains the laptop and begins to investigate, noting the following:

    File access auditing is turned off.

    When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling up the available drive space. All processes running appear to be legitimate processes for this user and machine. Network traffic spikes when the space is cleared on the laptop.

    No browser is open.

    Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

    A. Delete the temporary files, run an Nmap scan, and utilize Burp Suite.
    B. Disable the network connection, check Sysinternals Process Explorer, and review netstat output.
    C. Perform a hard power down of the laptop, take a dd image, and analyze with FTK.
    D. Review logins to the laptop, search Windows Event Viewer, and review Wireshark captures.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.