CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 541:

    A security analyst is reviewing existing email protection mechanisms to generate a report. The analysis finds the following DNS records:

    Record 1

    v=spf1 ip4:192:168.0.0/16 include:_spf.marketing.com include: thirdpartyprovider.com ~all

    Record 2

    "v=DKIM1\ k=rsa\; p=MIGfMA0GCSqh7d8hyh78Gdg87gd98hag86ga98dhay8gd7ashdca7yg79auhudig7df9ah8g76ag98dhay87ga9"

    Record 3

    _dmarc.comptia.com TXT v=DMARC1\; p=reject\; pct=100; rua=mailto:[email protected]

    Which of the following options provides accurate information to be included in the report?

    A. Record 3 serves as a reference of the security features configured at Record 1 and 2.
    B. Record 1 is used as a blocklist mechanism to filter unauthorized senders.
    C. Record 2 is used as a key to encrypt all outbound messages sent.
    D. The three records contain private information that should not be disclosed.

  • Question 542:

    A security analyst is reviewing vulnerability scans from an organization's internet-facing web services. The following is from an output file called ssl-test_webapps.comptia.org:

    Which of the following lines from this output most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key?

    A. TLS_RSA_WITH_DES_CBC_SHA 56
    B. TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)
    C. TLS_RSA_WITH_AES_256_CBC_SHA 256
    D. TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)

  • Question 543:

    An analyst performs a routine scan of a host using Nmap and receives the following output:

    Which of the following should the analyst investigate FIRST?

    A. Port 21
    B. Port 22
    C. Port 23
    D. Port 80

  • Question 544:

    An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below.

    Which of the following conclusions is supported by the application log?

    A. An attacker was attempting to perform a DoS attack against the server
    B. An attacker was attempting to download files via a remote command execution vulnerability
    C. An attacker was attempting to perform a buffer overflow attack to execute a payload in memory
    D. An attacker was attempting to perform an XSS attack via a vulnerable third-party library

  • Question 545:

    An application must pass a vulnerability assessment to move to the next gate. Consequently, any security issues that are found must be remediated prior to the next gate. Which of the following best describes the method for end-to-end vulnerability assessment?

    A. Security regression testing
    B. Static analysis
    C. Dynamic analysis
    D. Stress testing

  • Question 546:

    The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. Which of the following controls would BEST protect the service?

    A. Whitelisting authorized IP addresses
    B. Enforcing more complex password requirements
    C. Blacklisting unauthorized IP addresses
    D. Establishing a sinkhole service

  • Question 547:

    A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality. Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?

    A. Deidentification
    B. Encoding
    C. Encryption
    D. Watermarking

  • Question 548:

    A system administrator recently deployed and verified the installation of a critical patch issued by the company's primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?

    A. The administrator entered the wrong IP range for the assessment.
    B. The administrator did not wait long enough after applying the patch to run the assessment.
    C. The patch did not remediate the vulnerability.
    D. The vulnerability assessment returned false positives.

  • Question 549:

    Which of the following is a reason to use a risk-based cybersecurity framework?

    A. A risk-based approach always requires quantifying each cyber risk faced by an organization
    B. A risk-based approach better allocates an organization's resources against cyberthreats and vulnerabilities
    C. A risk-based approach is driven by regulatory compliance and is required for most organizations
    D. A risk-based approach prioritizes vulnerability remediation by threat hunting and other qualitative-based processes

  • Question 550:

    A business recently acquired a software company. The software company's security posture is unknown. However, based on an assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?

    A. Develop an asset inventory to determine the systems within the software company
    B. Review relevant network drawings, diagrams and documentation
    C. Perform penetration tests against the software company's internal and external networks
    D. Baseline the software company's network to determine the ports and protocols in use.
