CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 901:

    Which of the following items represents a document that includes detailed information on when an incident was detected, how impactful the incident was, and how it was remediated, in addition to incident response effectiveness and any identified gaps needing improvement?

    A. Forensic analysis report
    B. Chain of custody report
    C. Trends analysis report
    D. Lessons learned report

  • Question 902:

    A threat intelligence analyst who works for an oil and gas company has received the following email from a superior:

    "We will be connecting our IT network with our ICS. Our IT security has historically been top of the line, and this convergence will make the ICS easier to manage and troubleshoot. Can you please perform a risk/vulnerability assessment on this decision?"

    Which of the following is MOST accurate regarding ICS in this scenario?

    A. Convergence decreases attack vectors
    B. Integrating increases the attack surface
    C. IT networks cannot be connected to ICS infrastructure
    D. Combined networks decrease efficiency

  • Question 903:

    Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance?

    A. Trusted firmware updates provide organizations with development, compilation, remote access, and customization for embedded devices.
    B. Trusted firmware updates provide organizations with security specifications, open-source libraries, and custom tools for embedded devices.
    C. Trusted firmware updates provide organizations with remote code execution, distribution, maintenance, and extended warranties for embedded devices.
    D. Trusted firmware updates provide organizations with secure code signing, distribution, installation, and attestation for embedded devices.

  • Question 904:

    Which of the following tools should an analyst use to scan for web server vulnerabilities?

    A. Wireshark
    B. Qualys
    C. ArcSight
    D. SolarWinds

  • Question 905:

    While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal. Which of the following would be BEST to prevent this type of attack from being successful?

    A. Create a new rule in the IDS that triggers an alert on repeated login attempts
    B. Implement MFA on the email portal using out-of-band code delivery
    C. Alter the lockout policy to ensure users are permanently locked out after five attempts
    D. Leverage password filters to prevent weak passwords on employee accounts from being exploited
    E. Configure a WAF with brute-force protection rules in block mode

  • Question 906:

    A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing event. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?

    A. The analyst is red team. The employee is blue team. The manager is white team.
    B. The analyst is white team. The employee is red team. The manager is blue team.
    C. The analyst is red team. The employee is white team. The manager is blue team.
    D. The analyst is blue team. The employee is red team. The manager is white team.

  • Question 907:

    A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details?

    A. Acceptable use policy
    B. Service level agreement
    C. Rules of engagement
    D. Memorandum of understanding
    E. Master service agreement

  • Question 908:

    A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party, mail.marketing.com. Below is the existing SPF record:

    v=spf1 a mx -all

    Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?

    A. v=spf1 a mx redirect:mail.marketing.com ?all
    B. v=spf1 a mx include:mail.marketing.com -all
    C. v=spf1 a mx +all
    D. v=spf1 a mx include:mail.marketing.com ~all

  • Question 909:

    An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosure of the incident to external entities should be based on:

    A. the responder's discretion.
    B. the public relations policy.
    C. the communication plan.
    D. the senior management team's guidance.

  • Question 910:

    An information security analyst is compiling data from a recent penetration test and reviews the following output:

    The analyst wants to obtain more information about the web-based services that are running on the target. Which of the following commands would MOST likely provide the needed information?

    A. ping -t 10.79.95.173.rdns.datacenters.com
    B. telnet 10.79.95.173 443
    C. ftpd 10.79.95.173.rdns.datacenters.com 443
    D. tracert 10.79.95.173

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.