CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 551:

    A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.

    Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)

    A. Executing vendor compliance assessments against the organization's security controls
    B. Executing NDAs prior to sharing critical data with third parties
    C. Soliciting third-party audit reports on an annual basis
    D. Maintaining and reviewing the organizational risk assessment on a quarterly basis
    E. Completing a business impact assessment for all critical service providers
    F. Utilizing DLP capabilities at both the endpoint and perimeter levels

  • Question 552:

    Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?

    A. Red-team analysis
    B. Escalation process and procedures
    C. Triage and analysis
    D. Communications plan

  • Question 553:

    A security analyst has discovered malware is spreading across multiple critical systems and is originating from a single workstation, which belongs to a member of the cyber-infrastructure team who has legitimate administrator credentials. An analysis of the traffic indicates the workstation swept the network looking for vulnerable hosts to infect. Which of the following would have worked BEST to prevent the spread of this infection?

    A. Vulnerability scans of the network and proper patching.
    B. A properly configured and updated EDR solution.
    C. A honeypot used to catalog the anomalous behavior and update the IPS.
    D. Logical network segmentation and the use of jump boxes

  • Question 554:

    During the onboarding process for a new vendor, a security analyst obtains a copy of the vendor's latest penetration test summary:

    Performed by: Vendor Red Team
    Last performed: 14 days ago

    Which of the following recommendations should the analyst make first?

    A. Perform a more recent penetration test.
    B. Continue vendor onboarding.
    C. Disclose details regarding the findings.
    D. Have a neutral third party perform a penetration test.

  • Question 555:

    A company uses an FTP server to support its critical business functions. The FTP server is configured as follows:

    The FTP service is running with the data directory configured in /opt/ftp/data. The FTP server hosts employees' home directories in /home. Employees may store sensitive information in their home directories.

    An IoC revealed that an FTP directory traversal attack resulted in sensitive data loss.

    Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

    A. Implement file-level encryption of sensitive files
    B. Reconfigure the FTP server to support FTPS
    C. Run the FTP server in a chroot environment
    D. Upgrade the FTP server to the latest version

  • Question 556:

    A company uses self-signed certificates when sending emails to recipients within the company. Users are calling the help desk because they are getting warnings when attempting to open emails sent by internal users. A security analyst checks the certificates and sees the following:

    Issued to: [email protected]
    Issued by: certServer.company.com
    Valid from: 1/1/2020 to 1/1/2030

    Which of the following should the security analyst conclude?

    A. [email protected] is a malicious insider.
    B. The valid dates are too far apart and are generating the alerts.
    C. certServer has been compromised.
    D. The root certificate was not installed in the trusted store.

  • Question 557:

    A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation. Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?

    A. Reverse engineering
    B. Dynamic analysis
    C. Strings extraction
    D. Static analysis

  • Question 558:

    A bad actor bypasses authentication and reveals all records in a database through an SQL injection. Implementation of which of the following would work BEST to prevent similar attacks in

    A. Strict input validation
    B. Blacklisting
    C. SQL patching
    D. Content filtering
    E. Output encoding

  • Question 559:

    A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?

    A. Insert the hard drive on a test computer and boot the computer.
    B. Record the serial numbers of both hard drives.
    C. Compare the file-directory listing of both hard drives.
    D. Run a hash against the source and the destination.

  • Question 560:

    A staff member reported that a laptop has degraded performance. The security analyst has investigated the issue and discovered that CPU utilization, memory utilization, and outbound network traffic are consuming the laptop's resources. Which of the following is the BEST course of action to resolve the problem?

    A. Identify and remove malicious processes.
    B. Disable scheduled tasks.
    C. Suspend virus scan.
    D. Increase laptop memory.
    E. Ensure the laptop OS is properly patched.
