CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 591:

    A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?

    A. Static analysis
    B. Dynamic analysis
    C. Regression testing
    D. User acceptance testing

  • Question 592:

    Company A is in the process of merging with Company B. As part of the merger, connectivity between the ERP systems must be established so pertinent financial information can be shared between the two entities. Which of the following will establish a more automated approach to secure data transfers between the two entities?

    A. Set up an FTP server that both companies can access and export the required financial data to a folder.
    B. Set up a VPN between Company A and Company B, granting access only to the ERPs within the connection.
    C. Set up a PKI between Company A and Company B and intermediate shared certificates between the two entities.
    D. Create static NATs on each entity's firewalls that map to the ERP systems and use native ERP authentication to allow access.

  • Question 593:

    An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?

    A. Remove and replace the managed switch with an unmanaged one.
    B. Implement a separate logical network segment for management interfaces.
    C. Install and configure NAC services to allow only authorized devices to connect to the network.
    D. Analyze normal behavior on the network and configure the IDS to alert on deviations from normal.

  • Question 594:

    Which of the following BEST describes HSM?

    A. A computing device that manages cryptography, decrypts traffic, and maintains library calls
    B. A computing device that manages digital keys, performs encryption/decryption functions, and maintains other cryptographic functions
    C. A computing device that manages physical keys, encrypts devices, and creates strong cryptographic functions
    D. A computing device that manages algorithms, performs entropy functions, and maintains digital signatures

  • Question 595:

    While reviewing a cyber-risk assessment, an analyst notes there are concerns related to FPGA usage. Which of the following statements would BEST convince the analyst's supervisor to use additional controls?

    A. FPGAs are expensive and can only be programmed once. Code deployment safeguards are needed.
    B. FPGAs have an inflexible architecture. Additional training for developers is needed.
    C. FPGAs are vulnerable to malware installation and require additional protections for their codebase.
    D. FPGAs are expensive to produce. Anti-counterfeiting safeguards are needed.

  • Question 596:

    A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?

    A. Change the security model to force the users to access the database as themselves.
    B. Parameterize queries to prevent unauthorized SQL queries against the database.
    C. Configure database security logging using syslog or a SIEM.
    D. Enforce unique session IDs so users do not get a reused session ID.

  • Question 597:

    A proposed network architecture requires systems to be separated from each other logically based on defined risk levels. Which of the following explains the reason why an architect would set up the network this way?

    A. To complicate the network and frustrate a potential malicious attacker
    B. To create a design that simplifies the supporting network
    C. To reduce the attack surface of those systems by segmenting the network based on risk
    D. To reduce the number of IP addresses that are used on the network

  • Question 598:

    A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.

    Which of the following data types are MOST likely at risk of exposure based on this new threat? (Choose two.)

    A. Cardholder data
    B. Intellectual property
    C. Personal health information
    D. Employee records
    E. Corporate financial data

  • Question 599:

    A company uses a managed IDS system, and a security analyst has noticed a large volume of brute force password attacks originating from a single IP address. The analyst put in a ticket with the IDS provider, but no action was taken for 24 hours, and the attacks continued. Which of the following would be the BEST approach for the scenario described?

    A. Draft a new MOU to include response incentive fees.
    B. Reengineer the BPA to meet the organization's needs.
    C. Modify the SLA to support organizational requirements.
    D. Implement an MOA to improve vendor responsiveness.

  • Question 600:

    While investigating reports of issues with a web server, a security analyst attempts to log in remotely and receives the following message:

    The analyst accesses the server console, and the following console messages are displayed:

    The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

    Which of the following is the BEST step for the analyst to take next in this situation?

    A. Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server.
    B. After ensuring network captures from the server are saved, isolate the server from the network, take a memory snapshot, reboot, and log in to do further analysis.
    C. Corporate data is being exfiltrated from the server. Reboot the server and log in to see if it contains any sensitive data.
    D. Cryptomining malware is running on the server and utilizing all CPU and memory. Reboot the server and disable any cron jobs or startup scripts that start the mining software.
