CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 561:

    A SIEM alert occurs with the following output:

    Which of the following BEST describes this alert?

    A. The alert is a false positive; there is a device with dual NICs
    B. The alert is valid because IP spoofing may be occurring on the network
    C. The alert is a false positive; both NICs are of the same brand
    D. The alert is valid because there may be a rogue device on the network

  • Question 562:

    A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?

    A. Apply the required patches to remediate the vulnerability.
    B. Escalate the incident to senior management for guidance.
    C. Disable all privileged user accounts on the network.
    D. Temporarily block the attacking IP address.

  • Question 563:

    A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?

    A. TCP
    B. SMTP
    C. ICMP
    D. ARP

  • Question 564:

    To prioritize the morning's work, an analyst is reviewing security alerts that have not yet been investigated. Which of the following assets should be investigated FIRST?

    A. The workstation of a developer who is installing software on a web server.
    B. A new test web server that is in the process of initial installation.
    C. An accounting supervisor's laptop that is connected to the VPN
    D. The laptop of the vice president that is on the corporate LAN

  • Question 565:

    An analyst is searching a log for potential credit card leaks. The log stores all data encoded in hexadecimal. Which of the following commands will allow the security analyst to confirm the incident?

    A. cat log xxd -r -p | egrep ' [0-9] {16}
    B. egrep '(3(0-9)) (16) ' log
    C. cat log | xxd -r -p egrep '(0-9) (16)'
    D. egrep ' (0-9) (16) ' log | xxdc

  • Question 566:

    A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:

    Antivirus is installed on the remote host:
    Installation path: C:\Program Files\AVProduct\Win32\
    Product Engine: 14.12.101
    Engine Version: 3.5.71
    Scanner does not currently have information about AVProduct version 3.5.71.
    It may no longer be supported.
    The engine version is out of date. The oldest supported version from the vendor is 4.2.11.

    The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of the following BEST describes the situation?

    A. This is a false positive and the scanning plugin needs to be updated by the vendor
    B. This is a true negative and the new computers have the correct version of the software
    C. This is a true positive and the new computers were imaged with an old version of the software
    D. This is a false negative and the new computers need to be updated by the desktop team

  • Question 567:

    A security officer needs to find a solution to the current data privacy and protection gap found in the last security assessment. Which of the following is the most cost-effective solution?

    A. Require users to sign NDAs.
    B. Create a data minimization plan.
    C. Add access control requirements.
    D. Implement a data loss prevention solution.

  • Question 568:

    When reviewing network traffic, a security analyst detects suspicious activity:

    Based on the log above, which of the following vulnerability attacks is occurring?

    A. ShellShock
    B. DROWN
    C. Zeus
    D. Heartbleed
    E. POODLE

  • Question 569:

    A security analyst wants to confirm a finding from a penetration test report on the internal web server. To do so, the analyst logs into the web server using SSH to send the request locally. The report provides a link to https://hrserver.internal/../../etc/passwd, and the server IP address is 10.10.10.15.

    However, after several attempts, the analyst cannot get the file, despite attempting to get it using different ways, as shown below.

    Which of the following would explain this problem? (Choose two.)

    A. The web server uses SNI to check for a domain name
    B. Requests can only be sent remotely to the web server
    C. The password file is write protected
    D. The web service has not started

  • Question 570:

    An internally developed file-monitoring system identified the following excerpt as causing a program to crash often:

    char filedata[100];
    fp = fopen("access.log", "r");
    strcpy(filedata, fp);
    printf("%s\n", filedata);

    Which of the following should a security analyst recommend to fix the issue?

    A. Open the access.log file in read/write mode.
    B. Replace the strcpy function.
    C. Perform input sanitization.
    D. Increase the size of the file data buffer.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.