CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 861:

    A technician at a company's retail store notifies an analyst that disk space is being consumed at a rapid rate on several registers. The uplink back to the corporate office is also saturated frequently. The retail location has no Internet access. An analyst then observes several occasional IPS alerts indicating a server at corporate has been communicating with an address on a watchlist. Netflow data shows large quantities of data transferred at those times.

    Which of the following is MOST likely causing the issue?

    A. A credit card processing file was declined by the card processor and caused transaction logs on the registers to accumulate longer than usual.
    B. Ransomware on the corporate network has propagated from the corporate network to the registers and has begun encrypting files there.
    C. A penetration test is being run against the registers from the IP address indicated on the watchlist, generating large amounts of traffic and data storage.
    D. Malware on a register is scraping credit card data and staging it on a server at the corporate office before uploading it to an attacker-controlled command and control server.

  • Question 862:

    Which of the following technologies can be used to house the entropy keys for task encryption on desktops and laptops?

    A. Self-encrypting drive
    B. Bus encryption
    C. TPM
    D. HSM

  • Question 863:

    While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it.

    Which of the following is the BEST solution for the security analyst to implement?

    A. Block the domain IP at the firewall.
    B. Blacklist the new subnet.
    C. Create an IPS rule.
    D. Apply network access control.

  • Question 864:

    Understanding attack vectors and integrating intelligence sources are important components of:

    A. a vulnerability management plan.
    B. proactive threat hunting.
    C. risk management compliance.
    D. an incident response plan.

  • Question 865:

    HOTSPOT

    Malware is suspected on a server in the environment. The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware. Servers 1, 2 and 4 are clickable. Select the Server which hosts the malware, and select the process which hosts this malware.

    Instructions:

    If at any time you would like to bring back the initial state of the simulation, please select the Reset button.

    When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

    Hot Area:

  • Question 866:

    A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it. Which of the following threats applies to this situation?

    A. Potential data loss to external users
    B. Loss of public/private key management
    C. Cloud-based authentication attack
    D. Insufficient access logging

  • Question 867:

    A security analyst is concerned that unauthorized users can access confidential data stored in the production server environment. All workstations on a particular network segment have full access to any server in production. Which of the following should be deployed in the production environment to prevent unauthorized access? (Choose two.)

    A. DLP system
    B. Honeypot
    C. Jump box
    D. IPS
    E. Firewall

  • Question 868:

    A cybersecurity analyst was asked to discover the hardware address of 30 networked assets. From a command line, which of the following tools would be used to provide ARP scanning and reflects the MOST efficient method for accomplishing the task?

    A. nmap
    B. tracert
    C. ping -a
    D. nslookup

  • Question 869:

    After running a packet analyzer on the network, a security analyst has noticed the following output:

    Which of the following is occurring?

    A. A ping sweep
    B. A port scan
    C. A network map
    D. A service discovery

  • Question 870:

    HOTSPOT

    A security analyst performs various types of vulnerability scans.

    You must review the vulnerability scan results to determine the type of scan that was executed and determine if a false positive occurred for each device.

    Instructions:

    Select the drop option for whether the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

    For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

    Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

    The Linux Web Server, File-Print Server and Directory Server are draggable.

    If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

    Hot Area:
