CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 241:

    A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is compromised. Which of the following would provide the BEST results?

    A. Baseline configuration assessment
    B. Uncredentialed scan
    C. Network ping sweep
    D. External penetration test

  • Question 242:

    A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the BEST way for the security analyst to respond?

    A. Report this activity as a false positive, as the activity is legitimate.
    B. Isolate the system and begin a forensic investigation to determine what was compromised.
    C. Recommend network segmentation to management as a way to secure the various environments.
    D. Implement host-based firewalls on all systems to prevent ping sweeps in the future.

  • Question 243:

    The security team has determined that the current incident response resources cannot meet management's objective to secure a forensic image for all serious security incidents within 24 hours. Which of the following compensating controls can be used to help meet management's expectations?

    A. Separation of duties
    B. Scheduled reviews
    C. Dual control
    D. Outsourcing

  • Question 244:

    While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk.

    The analyst sees the following on the laptop's screen:

    [*] [NBT-NS] Poisoned answer sent to 192.169.23.115 for name FILE-SHARE-A (service: File Server)
    [*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
    [*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
    [SMBv2] NTLMv2-SSP Client : 192.168.23.115
    [SMBv2] NTLMv2-SSP Username : CORP\jsmith
    [SMBv2] NTLMv2-SSP Hash : F5DBF769CFEA7...
    [*] [NBT-NS] Poisoned answer sent to 192.169.23.24 for name FILE-SHARE-A (service: File Server)
    [*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
    [*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
    [SMBv2] NTLMv2-SSP Client : 192.168.23.24
    [SMBv2] NTLMv2-SSP Username : CORP\progers
    [SMBv2] NTLMv2-SSP Hash : 6D093BE2FDD70A...

    Which of the following is the BEST action for the security analyst to take?

    A. Initiate a scan of devices on the network to find password-cracking tools.
    B. Disconnect the laptop and ask the users jsmith and progers to log out.
    C. Force all users in the domain to change their passwords at the next login.
    D. Take the FILE-SHARE-A server offline and scan it for viruses.

  • Question 245:

    During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation. Which of the following would cause the analyst to further review the incident?

    A. BadReputationIp - - [2019-04-12 10:43Z] "GET /etc/passwd" 403 1023
    B. BadReputationIp - - [2019-04-12 10:43Z] "GET /index.html?src=../.ssh/id_rsa" 401 17044
    C. BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=/etc/passwd" 403 11056
    D. BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=../../.ssh/id_rsa" 200 15036
    E. BadReputationIp - - [2019-04-12 10:43Z] "GET /favicon.ico?src=../usr/share/ icons" 200 19064

  • Question 246:

    Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability. Which of the following UEFI settings is the MOST likely cause of the infections?

    A. Compatibility mode
    B. Secure boot mode
    C. Native mode
    D. Fast boot mode

  • Question 247:

    A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed:

    Which of the following options can the analyst conclude based on the provided output?

    A. The scanning vendor used robots to make the scanning job faster
    B. The scanning job was successfully completed, and no vulnerabilities were detected
    C. The scanning job did not successfully complete due to an out of scope error
    D. The scanner executed a crawl process to discover pages to be assessed

  • Question 248:

    A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http:///a.php in a phishing email.

    To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the __________.

    A. email server that automatically deletes attached executables.
    B. IDS to match the malware sample.
    C. proxy to block all connections to .
    D. firewall to block connection attempts to dynamic DNS hosts.

  • Question 249:

    A cybersecurity analyst is supporting an incident response effort via threat intelligence.

    Which of the following is the analyst MOST likely executing?

    A. Requirements analysis and collection planning
    B. Containment and eradication
    C. Recovery and post-incident review
    D. Indicator enrichment and research pivoting

  • Question 250:

    A security analyst performed a review of an organization's software development life cycle. The analyst reports that the life cycle does not contain a phase in which team members evaluate and provide critical feedback on another developer's code. Which of the following assessment techniques is BEST for describing the analyst's report?

    A. Architectural evaluation
    B. Waterfall
    C. Whitebox testing
    D. Peer review

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.