CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 471:

    A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities:

    APT X's approach to a target would be sending a phishing email to the target after conducting active and passive reconnaissance. Upon successful compromise, APT X conducts internal reconnaissance and attempts to move laterally by utilizing existing resources. When APT X finds data that aligns to its objectives, it stages and then exfiltrates data sets in sizes that can range from 1GB to 5GB. APT X also establishes several backdoors to maintain a C2 presence in the environment.

    In which of the following phases is this APT MOST likely to leave discoverable artifacts?

    A. Data collection/exfiltration
    B. Defensive evasion
    C. Lateral movement
    D. Reconnaissance

  • Question 472:

    An organization is developing software to match customers' expectations. Before the software goes into production, it must meet the following quality assurance guidelines:

    Uncover all the software vulnerabilities.

    Safeguard the interest of the software's end users.

    Reduce the likelihood that a defective program will enter production.

    Preserve the interests of the software producer.

    Which of the following should be performed FIRST?

    A. Run source code against the latest OWASP vulnerabilities.
    B. Document the life-cycle changes that took place.
    C. Ensure verification and validation took place during each phase.
    D. Store the source code in a software escrow.
    E. Conduct a static analysis of the code.

  • Question 473:

    A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment

    Which of the following is the BEST solution?

    A. Virtualize the system and decommission the physical machine.
    B. Remove it from the network and require air gapping.
    C. Only allow access to the system via a jumpbox
    D. Implement MFA on the specific system.

  • Question 474:

    A large software company wants to move source control and deployment pipelines into a cloud-computing environment. Due to the nature of the business, management determines the recovery time objective needs to be within one hour. Which of the following strategies would put the company in the BEST position to achieve the desired recovery time?

    A. Establish an alternate site with active replication to other regions
    B. Configure a duplicate environment in the same region and load balance between both instances
    C. Set up every cloud component with duplicated copies and auto scaling turned on
    D. Create a duplicate copy on premises that can be used for failover in a disaster situation

  • Question 475:

    A company office was broken into over the weekend. The office manager contacts the IT security group to provide details on which servers were stolen. The security analyst determines one of the stolen servers contained a list of customer PII, and another server contained a copy of the credit card transactions processed on the Friday before the break-in. In addition to the potential security implications of information that could be gleaned from those servers and the rebuilding/restoring of the data on the stolen systems, the analyst needs to determine any communication or notification requirements with respect to the incident. Which of the following items is MOST important when determining what information needs to be provided, who should be contacted, and when the communication needs to occur?

    A. Total number of records stolen
    B. Government and industry regulations
    C. Impact on the reputation of the company's name/brand
    D. Monetary value of data stolen

  • Question 476:

    An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Select three.)

    A. 3DES
    B. AES
    C. IDEA
    D. PKCS
    E. PGP
    F. SSL/TLS
    G. TEMPEST

  • Question 477:

    A security analyst at a large financial institution is evaluating the security posture of a smaller financial company. The analyst is performing the evaluation as part of a due diligence process prior to a potential acquisition. With which of the following threats should the security analyst be MOST concerned? (Choose two.)

    A. Breach of confidentiality and market risks can occur if the potential acquisition is leaked to the press.
    B. The parent company is only going through this process to identify and steal the intellectual property of the smaller company.
    C. Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.
    D. Employees at the company being acquired will be hostile to the security analyst and may not provide honest answers.
    E. The industry regulator may decide that the acquisition will result in unfair competitive advantage if the acquisition were to take place.
    F. The company being acquired may already be compromised and this could pose a risk to the parent company's assets.

  • Question 478:

    A security analyst is reviewing a firewall usage report that contains traffic generated over the last 30 minutes in order to locate unusual traffic patterns:

    Which of the following source IP addresses does the analyst need to investigate further?

    A. 10.18.76.179
    B. 10.50.180.49
    C. 192.168.48.147
    D. 192.168.100.5

  • Question 479:

    A remote code execution vulnerability was discovered in the RDP. An organization currently uses RDP for remote access to a portion of its VDI environment. The analyst verified network-level authentication is enabled. Which of the following is the BEST remediation for this vulnerability?

    A. Verify the threat intelligence feed is updated with the latest solutions.
    B. Verify the system logs do not contain indicators of compromise.
    C. Verify the latest endpoint-protection signature is in place.
    D. Verify the corresponding patch for the vulnerability is installed.

  • Question 480:

    A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:

    Which of the following describes the output of this scan?

    A. The analyst has discovered a False Positive, and the status code is incorrect providing an OK message.
    B. The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.
    C. The analyst has discovered a True Positive, and the status code is incorrect providing a forbidden message.
    D. The analyst has discovered a False Positive, and the status code is incorrect providing a server error message.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.