CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 281:

    A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:

    Alert Detail
    Low (Medium): Web Browser XSS Protection not enabled
    Description: Web browser XSS protection not enabled, or disabled by the configuration of the HTTP Response header

    URL: https://domain.com/sun/ray

    Which of the following is the MOST likely solution to the listed vulnerability?

    A. Enable the browser's XSS filter.
    B. Enable Windows XSS protection
    C. Enable the browser's protected pages mode
    D. Enable server-side XSS protection

  • Question 282:

    An analyst needs to forensically examine a Windows machine that was compromised by a threat actor. Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, especially with alternate data streams. Based on this intelligence, which of the following BEST explains alternate data streams?

    A. A different way data can be streamlined if the user wants to use less memory on a Windows system for forking resources.
    B. A way to store data on an external drive attached to a Windows machine that is not readily accessible to users.
    C. A Windows attribute that provides for forking resources and is potentially used to hide the presence of secret or malicious files inside the file records of a benign file.
    D. A Windows attribute that can be used by attackers to hide malicious files within system memory.

  • Question 283:

    A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:

    Which of the following technologies would MOST likely be used to prevent this phishing attempt?

    A. DNSSEC
    B. DMARC
    C. STP
    D. S/IMAP

  • Question 284:

    A security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment.

    Which of the following is the BEST recommendation?

    A. Require users to sign NDAs
    B. Create a data minimization plan.
    C. Add access control requirements
    D. Implement a data loss prevention solution

  • Question 285:

    Which of the following BEST identifies the appropriate use of threat intelligence as a function of detection and response?

    A. To identify weaknesses in an organization's security posture
    B. To identify likely attack scenarios within an organization
    C. To build a business security plan for an organization
    D. To build a network segmentation strategy

  • Question 286:

    A security analyst is reviewing the output of tcpdump to analyze the type of activity on a packet capture:

    Which of the following generated the above output?

    A. A port scan
    B. A TLS connection
    C. A vulnerability scan
    D. A ping sweep

  • Question 287:

    A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output:

    Which of the following is the MOST likely reason for this vulnerability?

    A. The developer set input validation protection on the specific field of search.aspx.
    B. The developer did not set proper cross-site scripting protections in the header.
    C. The developer did not implement default protections in the web application build.
    D. The developer did not set proper cross-site request forgery protections.

  • Question 288:

    Which of the following organizational initiatives would be MOST impacted by data sovereignty issues?

    A. Moving to a cloud-based environment
    B. Migrating to locally hosted virtual servers
    C. Implementing non-repudiation controls
    D. Encrypting local database queries

  • Question 289:

    A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user's account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?

    A. The Windows Active Directory domain controller has not completed synchronization, and should force the domain controller to sync.
    B. The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network.
    C. The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group.
    D. The naming scheme allows for too many variations, and the account naming convention should be updated to enforce organizational policies.

  • Question 290:

    An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform. Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?

    A. FaaS
    B. RTOS
    C. SoC
    D. GPS
    E. CAN bus
