CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 871:

    Company A's security policy states that only PKI authentication should be used for all SSH accounts. A security analyst from Company A is reviewing the following auth.log and configuration settings:

    Which of the following changes should be made to the following sshd_config file to establish compliance with the policy?

    A. Change PermitRootLogin no to #PermitRootLogin yes
    B. Change ChallengeResponseAuthentication yes to ChallengeResponseAuthentication no
    C. Change PubkeyAuthentication yes to #PubkeyAuthentication yes
    D. Change #AuthorizedKeysFile %h/.ssh/authorized_keys to AuthorizedKeysFile %h/.ssh/authorized_keys
    E. Change PasswordAuthentication yes to PasswordAuthentication no

  • Question 872:

    A new prototype for a company's flagship product was leaked on the internet. As a result, the management team has locked out all USB drives. Optical drive writers are not present on company computers. The sales team has been granted an exception to share sales presentation files with third parties. Which of the following would allow the IT team to determine which devices are USB enabled?

    A. Asset tagging
    B. Device encryption
    C. Data loss prevention
    D. SIEM logs

  • Question 873:

    SIMULATION

    Part1-AppServ2

    You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not. The company's hardening guidelines indicate the following:

    1. TLS 1.2 is the only version of TLS running.

    2. Apache 2.4.18 or greater should be used.

    3. Only default ports should be used.

    INSTRUCTIONS

    Using the supplied data, record the status of compliance with the company's guidelines for each server.

    The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

    Hot Area:

  • Question 874:

    A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?

    A. VPN
    B. Honeypot
    C. Whitelisting
    D. DMZ
    E. MAC filtering

  • Question 875:

    A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?

    A. Review the firewall logs.
    B. Review syslogs from critical servers.
    C. Perform fuzzing.
    D. Install a WAF in front of the application server.

  • Question 876:

    In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues. Which of the following is the BEST way to proceed?

    A. Attempt to identify all false positives and exceptions, and then resolve all remaining items.
    B. Hold off on additional scanning until the current list of vulnerabilities has been resolved.
    C. Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.
    D. Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.

  • Question 877:

    In web application scanning, static analysis refers to scanning:

    A. the system for vulnerabilities before installing the application.
    B. the compiled code of the application to detect possible issues.
    C. an application that is installed and active on a system.
    D. an application that is installed on a system that is assigned a static IP.

  • Question 878:

    A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the BEST technique to address the CISO's concerns?

    A. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
    B. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
    C. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.
    D. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.

  • Question 879:

    A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file. Which of the following changes should be made to the security tools to BEST remedy the issue?

    A. Blacklist the hash in the next-generation antivirus system.
    B. Manually delete the file from each of the workstations.
    C. Remove administrative rights from all developer workstations.
    D. Block the download of the file via the web proxy.

  • Question 880:

    A code review reveals a web application is using time-based cookies for session management. This is a security concern because time-based cookies are easy to:

    A. parameterize.
    B. decode.
    C. guess.
    D. decrypt.
