CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 811:

    A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:

    Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

    A. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
    B. Examine the server logs for further indicators of compromise of a web application.
    C. Run kill -9 1325 to bring the load average down so the server is usable again.
    D. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.

  • Question 812:

    The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:

    A. web servers on private networks
    B. HVAC control systems
    C. smartphones
    D. firewalls and UTM devices

  • Question 813:

    A new security manager was hired to establish a vulnerability management program. The manager asked for a corporate strategic plan and risk register that the project management office developed. The manager conducted a tools and skill sets inventory to document the plan. Which of the following is a critical task for the establishment of a successful program?

    A. Establish continuous monitoring
    B. Update vulnerability feed
    C. Perform information classification
    D. Establish corporate policy

  • Question 814:

    A security analyst was asked to join an outage call for a critical web application. The web middleware support team determined the web server is running and having no trouble processing requests; however, some investigation has revealed firewall denies to the web server that began around 1:00 a.m. that morning. An emergency change was made to enable the access, but management has asked for a root cause determination. Which of the following would be the BEST next step?

    A. Install a packet analyzer near the web server to capture sample traffic to find anomalies.
    B. Block all traffic to the web server with an ACL.
    C. Use a port scanner to determine all listening ports on the web server.
    D. Search the logging servers for any rule changes.

  • Question 815:

    A security analyst positively identified the threat, vulnerability, and remediation. The analyst is ready to implement the corrective control. Which of the following would be the MOST inhibiting to applying the fix?

    A. Requiring a firewall reboot.
    B. Resetting all administrator passwords.
    C. Business process interruption.
    D. Full desktop backups.

  • Question 816:

    A company just chose a global software company based in Europe to implement a new supply chain management solution. Which of the following would be the MAIN concern of the company?

    A. Violating national security policy
    B. Packet injection
    C. Loss of intellectual property
    D. International labor laws

  • Question 817:

    An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident triggers. Which of the following is a benefit of having these communication plans?

    A. They can help to prevent the inadvertent release of damaging information outside the organization.
    B. They can help to limit the spread of worms by coordinating with help desk personnel earlier in the recovery phase.
    C. They can quickly inform the public relations team to begin coordinating with the media as soon as a breach is detected.
    D. They can help to keep the organization's senior leadership informed about the status of patching during the recovery phase.

  • Question 818:

    File integrity monitoring states the following files have been changed without a written request or approved change. The following change has been made:

    chmod 777 -Rv /usr

    Which of the following may be occurring?

    A. The ownership of /usr has been changed to the current user.
    B. Administrative functions have been locked from users.
    C. Administrative commands have been made world readable/writable.
    D. The ownership of /usr has been changed to the root user.

  • Question 819:

    A security analyst has received a report that servers are no longer able to connect to the network. After many hours of troubleshooting, the analyst determines a Group Policy Object is responsible for the network connectivity issues. Which of the following solutions should the security analyst recommend to prevent an interruption of service in the future?

    A. CI/CD pipeline
    B. Impact analysis and reporting
    C. Appropriate network segmentation
    D. Change management process

  • Question 820:

    An analyst is reviewing the following output as part of an incident:

    Which of the following is MOST likely happening?

    A. The hosts are part of a reflective denial-of-service attack.
    B. Information is leaking from the memory of host 10.20.30.40.
    C. Sensitive data is being exfiltrated by host 192.168.1.10.
    D. Host 291.168.1.10 is performing firewall port knocking.
