CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 501:

    An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?

    A. Use the MITRE ATT&CK framework to develop threat models.
    B. Conduct internal threat research and establish indicators of compromise.
    C. Review the perimeter firewall rules to ensure rule-set accuracy.
    D. Use SCAP scans to monitor for configuration changes on the network.

  • Question 502:

    While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company's manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?

    A. Implement a group policy on company systems to block access to SCADA networks.
    B. Require connections to the SCADA network to go through a forwarding proxy.
    C. Update the firewall rules to block SCADA network access from those laptop IP addresses.
    D. Install security software and a host-based firewall on the SCADA equipment.

  • Question 503:

    In the development stage of the incident response policy, the security analyst needs to determine the stakeholders for the policy. Which of the following would be the policy stakeholders?

    A. Human resources, legal, public relations, management
    B. Chief Information Officer (CIO), Chief Executive Officer, board of directors, stockholders
    C. IT, human resources, security administrator, finance
    D. Public information officer, human resources, audit, customer service

  • Question 504:

    A recently issued audit report highlighted exceptions related to end-user handling of sensitive data and access credentials. A security manager is addressing the findings. Which of the following activities should be implemented?

    A. Update the password policy
    B. Increase training requirements
    C. Deploy a single sign-on platform
    D. Deploy Group Policy Objects

  • Question 505:

    After an internal audit, it was determined that administrative logins need to use multifactor authentication or a 15-character key with complexity enabled. Which of the following policies should be updated to reflect this change? (Choose two.)

    A. Data ownership policy
    B. Password policy
    C. Data classification policy
    D. Data retention policy
    E. Acceptable use policy
    F. Account management policy

  • Question 506:

    A security analyst recently observed evidence of an attack against a company's web server. The analyst investigated the issue but was unable to find an exploit that adequately explained the observations.

    Which of the following is the MOST likely cause of this issue?

    A. The security analyst needs updated forensic analysis tools.
    B. The security analyst needs more training on threat hunting and research.
    C. The security analyst has potentially found a zero-day vulnerability that has been exploited.
    D. The security analyst has encountered a polymorphic piece of malware.

  • Question 507:

    A security analyst determines that several workstations are reporting traffic usage on port 3389. All workstations are running the latest OS patches according to patch reporting. The help desk manager reports some users are getting logged off their workstations, and network access is running slower than normal. The analyst believes a zero-day threat has allowed remote attackers to gain access to the workstations. Which of the following are the BEST steps to stop the threat without impacting all services? (Choose two.)

    A. Change the public NAT IP address since APTs are common.
    B. Configure a group policy to disable RDP access.
    C. Disconnect public Internet access and review the logs on the workstations.
    D. Enforce a password change for users on the network.
    E. Reapply the latest OS patches to workstations.
    F. Route internal traffic through a proxy server.

  • Question 508:

    It is important to parameterize queries to prevent:

    A. the execution of unauthorized actions against a database.
    B. a memory overflow that executes code with elevated privileges.
    C. the establishment of a web shell that would allow unauthorized access.
    D. the queries from using an outdated library with security vulnerabilities.

  • Question 509:

    A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that it wants to quickly prevent unauthorized devices from accessing the network, but policy prevents the company from making changes on every connecting client.

    Which of the following should the company implement?

    A. Port security
    B. WPA2
    C. Mandatory Access Control
    D. Network Intrusion Prevention

  • Question 510:

    The security team at a large corporation is helping the payment-processing team to prepare for a regulatory compliance audit and meet the following objectives:

    - Reduce the number of potential findings by the auditors.
    - Limit the scope of the audit to only devices used by the payment-processing team for activities directly impacted by the regulations.
    - Prevent the external-facing web infrastructure used by other teams from coming into scope.
    - Limit the amount of exposure the company will face if the systems used by the payment-processing team are compromised.

    Which of the following would be the MOST effective way for the security team to meet these objectives?

    A. Limit the permissions to prevent other employees from accessing data owned by the business unit.
    B. Segment the servers and systems used by the business unit from the rest of the network.
    C. Deploy patches to all servers and workstations across the entire organization.
    D. Implement full-disk encryption on the laptops used by employees of the payment-processing team.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.