CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 741:

    An organization is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:

    Which of the following is the order of priority for risk mitigation from highest to lowest?

    A. A, B, C, D
    B. A, D, B, C
    C. B, C, A, D
    D. C, B, D, A
    E. D, A, C, B

  • Question 742:

    A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to go offline. Which of the following solutions would work BEST to prevent this from happening again?

    A. Change management
    B. Application whitelisting
    C. Asset management
    D. Privilege management

  • Question 743:

    After reviewing security logs, it is noticed that sensitive data is being transferred over an insecure network. Which of the following would a cybersecurity analyst BEST recommend that the organization implement?

    A. Use a VPN
    B. Update the data classification matrix.
    C. Segment the networks.
    D. Use FIM.
    E. Use a digital watermark.

  • Question 744:

    An organization is attempting to harden its web servers and reduce the information that might be disclosed by potential attackers. A security analyst is reviewing vulnerability scan results from a recent web server scan.

    Portions of the scan results are shown below:

    Which of the following lines indicates information disclosure about the host that needs to be remediated?

    A. Response: :\Documents\MarySmith\mailingList.pdf
    B. Finding#5144322
    C. First Time Detected 10 Nov 2015 09:00 GMT-0600
    D. Access Path: http://myOrg.com/mailingList.htm
    E. Request: GET http://myOrg.com/mailingList.aspx?content=volunteer

  • Question 745:

    A newly discovered malware has a known behavior of connecting outbound to an external destination on port 27500 for the purposes of exfiltrating data. The following are four snippets taken from running netstat n on separate Windows workstations:

    Based on the above information, which of the following is MOST likely to be exposed to this malware?

    A. Workstation A
    B. Workstation B
    C. Workstation C
    D. Workstation D

  • Question 746:

    During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:

    To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and __________.

    A. DST 138.10.2.5.
    B. DST 138.10.25.5.
    C. DST 172.10.3.5.
    D. DST 172.10.45.5.
    E. DST 175.35.20.5.

  • Question 747:

    A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:

    Which of the following actions should the security analyst take NEXT?

    A. Review the known Apache vulnerabilities to determine if a compromise actually occurred
    B. Contact the application owner for connect.example.local for additional information
    C. Mark the alert as a false positive scan coming from an approved source.
    D. Raise a request to the firewall team to block 203.0.113.15.

  • Question 748:

    A security analyst received several service tickets reporting that a company storefront website is not accessible by internal domain users. However, external users are accessing the website without issue. Which of the following is the MOST likely reason for this behavior?

    A. The FQDN is incorrect.
    B. The DNS server is corrupted.
    C. The time synchronization server is corrupted.
    D. The certificate is expired.

  • Question 749:

    The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT Department?

    A. Require the guest machines to install the corporate-owned EDR solution.
    B. Configure NAC to only allow machines on the network that are patched and have active antivirus.
    C. Place a firewall in between the corporate network and the guest network.
    D. Configure the IPS with rules that will detect common malware signatures traveling from the guest network.

  • Question 750:

    A threat intelligence analyst who is working on the SOC floor has been forwarded an email that was sent to one of the executives in business development. The executive mentions the email was from the Chief Executive Officer (CEO), who was requesting an emergency wire transfer. This request was unprecedented. Which of the following threats MOST accurately aligns with this behavior?

    A. Phishing
    B. Whaling
    C. Spam
    D. Ransomware
