CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 191:

    During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products.

    Which of the following would be the BEST way to locate this issue?

    A. Reduce the session timeout threshold.
    B. Deploy MFA for access to the web server.
    C. Implement input validation.
    D. Run a dynamic code analysis.

  • Question 192:

    A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-in-the-middle attack. The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices.

    Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?

    A. Enable MAC filtering on the wireless router and suggest stronger encryption for the wireless network.
    B. Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.
    C. Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network.
    D. Conduct a wireless survey to determine if the wireless strength needs to be reduced.

  • Question 193:

    A company that uses email for all internal and external communications received a legal notice from a vendor that was disputing a contract award. The company needs to implement a legal hold on the email of users who were involved in the vendor selection process and the awarding of the contract. Which of the following describes the appropriate steps that should be taken to comply with the legal notice?

    A. Notify the security team of the legal hold and remove user access to the email accounts.
    B. Coordinate with legal counsel and then notify the security team to ensure the appropriate email accounts are frozen.
    C. Disable the user accounts that are associated with the legal hold and create new user accounts so they can continue doing business.
    D. Encrypt messages that are associated with the legal hold and initiate a chain of custody to ensure admissibility in future legal proceedings.

  • Question 194:

    The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or downloaded by employees. The CISO also wants to track the data assets by name, type, content, or data profile.

    Which of the following BEST describes what the CISO wants to purchase?

    A. Asset tagging
    B. SIEM
    C. File integrity monitor
    D. DLP

  • Question 195:

    Nmap scan results on a set of IP addresses returned one or more lines beginning with "cpe:/o:" followed by a company name, product name, and version. Which of the following would this string help an administrator to identify?

    A. Operating system
    B. Running services
    C. Installed software
    D. Installed hardware

  • Question 196:

    A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

    A. Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.
    B. Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.
    C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.
    D. Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.

  • Question 197:

    Which of the following is a vulnerability that is specific to hypervisors?

    A. DDoS
    B. VLAN hopping
    C. Weak encryption
    D. VM escape

  • Question 198:

    An organizational policy requires one person to input accounts payable and another to do accounts receivable. A separate control requires one person to write a check and another person to sign all checks greater than $5,000 and to get an additional signature for checks greater than $10,000.

    Which of the following controls has the organization implemented?

    A. Segregation of duties
    B. Job rotation
    C. Non-repudiation
    D. Dual control

  • Question 199:

    A vulnerability assessment solution is hosted in the cloud. This solution will be used as an accurate inventory data source for both the configuration management database and the governance risk and compliance tool. An analyst has been asked to automate the data acquisition. Which of the following would be the BEST way to acquire the data?

    A. CSV export
    B. SOAR
    C. API
    D. Machine learning

  • Question 200:

    Which of the following is the best method to ensure secure boot UEFI features are enabled to prevent boot malware?

    A. Enable secure boot in the hardware and reload the operating system.
    B. Reconfigure the system's MBR and enable NTFS.
    C. Set UEFI to legacy mode and enable security features.
    D. Convert the legacy partition table to UEFI and repair the operating system.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.