CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 431:

    A cybersecurity analyst is working with a SIEM tool and reviewing the following table:

    When creating a rule in the company's SIEM, which of the following would be the BEST approach for the analyst to use to assess the risk level of each vulnerability that is discovered by the vulnerability assessment tool?

    A. Create a trend with the table and join the trend with the desired rule to be able to extract the risk level of each vulnerability
    B. Use Boolean filters in the SIEM rule to take advantage of real-time processing and RAM to store the table dynamically, generate the results faster, and be able to display the table in a dashboard or export it as a report
    C. Use a static table stored on the disk of the SIEM system to correlate its data with the data ingested by the vulnerability scanner data collector
    D. Use the table as a new index or database for the SIEM to be able to use multisearch and then summarize the results as output

  • Question 432:

    A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.

    During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine.

    Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

    A. Transitive access
    B. Spoofing
    C. Man-in-the-middle
    D. Replay

  • Question 433:

    Which of the following is a technology used to provide Internet access to internal associates without exposing the Internet directly to the associates?

    A. Fuzzer
    B. Vulnerability scanner
    C. Web proxy
    D. Intrusion prevention system

  • Question 434:

    An organization has the following policies:

    1. Services must run on standard ports.

    2. Unneeded services must be disabled.

    The organization has the following servers:

    192.168.10.1 - web server

    192.168.10.2 - database server

    A security analyst runs a scan on the servers and sees the following output:

    Which of the following actions should the analyst take?

    A. Disable HTTPS on 192.168.10.1.
    B. Disable IIS on 192.168.10.1.
    C. Disable DNS on 192.168.10.2.
    D. Disable MSSQL on 192.168.10.2.
    E. Disable SSH on both servers.

  • Question 435:

    Following a data compromise, a cybersecurity analyst noticed the following executed query:

    SELECT * from Users WHERE name = rick OR 1=1

    Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Select TWO).

    A. Cookie encryption
    B. XSS attack
    C. Parameter validation
    D. Character blacklist
    E. Malicious code execution
    F. SQL injection

  • Question 436:

    A recent audit has uncovered several coding errors and a lack of input validation being used on a public portal. Due to the nature of the portal and the severity of the errors, the portal is unable to be patched. Which of the following tools could be used to reduce the risk of being compromised?

    A. Web application firewall
    B. Network firewall
    C. Web proxy
    D. Intrusion prevention system

  • Question 437:

    A security analyst is revising a company's MFA policy to prohibit the use of short message service (SMS) tokens. The Chief Information Officer has questioned this decision and asked for justification. Which of the following should the analyst provide as justification for the new policy?

    A. SMS relies on untrusted, third-party carrier networks.
    B. SMS tokens are limited to eight numerical characters.
    C. SMS is not supported on all handheld devices in use.
    D. SMS is a cleartext protocol and does not support encryption.

  • Question 438:

    An analyst is reviewing the following output:

    Which of the following was MOST likely used to discover this?

    A. Reverse engineering using a debugger
    B. A static analysis vulnerability scan
    C. A passive vulnerability scan
    D. A web application vulnerability scan

  • Question 439:

    A security analyst has been asked to scan a subnet. During the scan, the following output was generated:

    Based on the output above, which of the following is MOST likely?

    A. 192.168.100.214 is a secure FTP server
    B. 192.168.100.214 is a web server
    C. Both hosts are mail servers
    D. 192.168.100.145 is a DNS server

  • Question 440:

    A user reports a malware alert to the help desk. A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which of the following should the security analyst do NEXT?

    A. Document the procedures and walk through the incident training guide.
    B. Reverse engineer the malware to determine its purpose and risk to the organization.
    C. Sanitize the workstation and verify countermeasures are restored.
    D. Isolate the workstation and issue a new computer to the user.

Tips on How to Prepare for the Exams

Certification exams are increasingly important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.