CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 511:

    Which of the following weaknesses associated with common SCADA systems are the MOST critical for organizations to address architecturally within their networks? (Choose two.)

    A. Boot processes that are neither measured nor attested
    B. Legacy and unpatchable systems software
    C. Unnecessary open ports and protocols
    D. No OS kernel mandatory access controls
    E. Unauthenticated commands
    F. Insecure filesystem permissions

  • Question 512:

    Which of the following types of controls defines placing an ACL on a file folder?

    A. Technical control
    B. Confidentiality control
    C. Managerial control
    D. Operational control

  • Question 513:

    Which of the following describes the main difference between supervised and unsupervised machine-learning algorithms that are used in cybersecurity applications?

    A. Supervised algorithms can be used to block attacks, while unsupervised algorithms cannot.
    B. Supervised algorithms require security analyst feedback, while unsupervised algorithms do not.
    C. Unsupervised algorithms are not suitable for IDS systems, while supervised algorithms are.
    D. Unsupervised algorithms produce more false positives than supervised algorithms.

  • Question 514:

    In order to leverage the power of data correlation within Nessus, a cybersecurity analyst needs to write an SQL statement that will provide how long a vulnerability has been present on the network.

    Given the following output table:

    Which of the following SQL statements would provide the resulted output needed for this correlation?

    A. SELECT Port, ScanDate, IP, PlugIn FROM MyResults WHERE PluginID='1000'
    B. SELECT ScanDate, IP, Port, PlugIn FROM MyResults WHERE PluginID='1000'
    C. SELECT IP, PORT, PlugIn, ScanDate FROM MyResults SET PluginID='1000'
    D. SELECT ScanDate, IP, Port, PlugIn SET MyResults WHERE PluginID='1000'

  • Question 515:

    Given the following code:

    Which of the following types of attacks is occurring?

    A. MITM
    B. Session hijacking
    C. XSS
    D. Privilege escalation
    E. SQL injection

  • Question 516:

    During an incident investigation, a security analyst discovers the web server is generating an unusually high volume of logs. The analyst observes the following response codes:

    1. 20% of the logs are 403
    2. 20% of the logs are 404
    3. 50% of the logs are 200
    4. 10% of the logs are other codes

    The server generates 2MB of logs on a daily basis, and the current day log is over 200MB.

    Which of the following commands should the analyst use to identify the source of the activity?

    A. cat access_log | grep " 403 "
    B. cat access_log | grep " 200 "
    C. cat access_log | grep " 100 "
    D. cat access_log | grep " 404 "
    E. cat access_log | grep " 204 "

  • Question 517:

    External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?

    A. Stress testing
    B. Regression testing
    C. Input validation
    D. Fuzzing

  • Question 518:

    Which of the following is the greatest security concern regarding ICS?

    A. The involved systems are generally hard to identify.
    B. The systems are configured for automatic updates, leading to device failure.
    C. The systems are oftentimes air gapped, leading to fileless malware attacks.
    D. Issues on the systems cannot be reversed without rebuilding the systems.

  • Question 519:

    Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).

    A. To schedule personnel resources required for test activities
    B. To determine frequency of team communication and reporting
    C. To mitigate unintended impacts to operations
    D. To avoid conflicts with real intrusions that may occur
    E. To ensure tests have measurable impact to operations

  • Question 520:

    A code review reveals a web application is using time-based cookies for session management. This is a security concern because time-based cookies are easy to:

    A. parameterize.
    B. decode.
    C. guess.
    D. decrypt.
