CS0-002 Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: May 30, 2026

CompTIA CS0-002 Online Questions & Answers

  • Question 941:

    A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.

    Which of the following data privacy standards does this violate?

    A. Purpose limitation
    B. Sovereignty
    C. Data minimization
    D. Retention

  • Question 942:

    An organization discovers motherboards within the environment that appear to have been physically altered during the manufacturing process. Which of the following is the BEST course of action to mitigate the risk of this reoccurring?

    A. Perform an assessment of the firmware to determine any malicious modifications.
    B. Conduct a trade study to determine if the additional risk constitutes further action.
    C. Coordinate a supply chain assessment to ensure hardware authenticity.
    D. Work with IT to replace the devices with the known-altered motherboards.

  • Question 943:

    A security analyst is running a tool against an executable of an unknown source. The input supplied by the tool to the executable program and the output from the executable are shown below:

    Which of the following should the analyst report after viewing this information?

    A. A dynamic library that is needed by the executable is missing
    B. Input can be crafted to trigger an injection attack in the executable
    C. The tool caused a buffer overflow in the executable's memory
    D. The executable attempted to execute a malicious command

  • Question 944:

    A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance as identified from the firewall logs, but the destination IP is blocked and not captured. Which of the following should the analyst do?

    A. Shut down the computer
    B. Capture live data using Wireshark
    C. Take a snapshot
    D. Determine if DNS logging is enabled
    E. Review the network logs

  • Question 945:

    A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when using a PaaS solution?

    A. The use of infrastructure-as-code capabilities leads to an increased attack surface.
    B. Patching the underlying application server becomes the responsibility of the client.
    C. The application is unable to use encryption at the database level.
    D. Insecure application programming interfaces can lead to data compromise.

  • Question 946:

    An analyst is reviewing the following log from the company web server:

    Which of the following is this an example of?

    A. Online rainbow table attack
    B. Offline brute force attack
    C. Offline dictionary attack
    D. Online hybrid attack

  • Question 947:

    A security analyst is reviewing output from a CVE-based vulnerability scanner. Before conducting the scan, the analyst was careful to select only Windows-based servers in a specific datacenter. The scan revealed that the datacenter includes 27 machines running Windows 2003 Server Edition (Win2003SE). In 2015, there were 36 new vulnerabilities discovered in the Win2003SE environment. Which of the following statements are MOST likely applicable? (Choose two.)

    A. Remediation is likely to require some form of compensating control.
    B. Microsoft's published schedule for updates and patches for Win2003SE has continued uninterrupted.
    C. Third-party vendors have addressed all of the necessary updates and patches required by Win2003SE.
    D. The resulting report on the vulnerability scan should include some reference that the scan of the datacenter included 27 Win2003SE machines that should be scheduled for replacement and deactivation.
    E. Remediation of all Win2003SE machines requires changes to configuration settings and compensating controls to be made through Microsoft Security Center's Win2003SE Advanced Configuration Toolkit.

  • Question 948:

    A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)

    A. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes)
    B. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs
    C. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack
    D. A Bluetooth peering attack called "Snarfing" that allows Bluetooth connections on blocked device types if physically connected to a USB port
    E. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking

  • Question 949:

    Policy allows scanning of vulnerabilities during production hours, but production servers have been crashing lately due to unauthorized scans performed by junior technicians. Which of the following is the BEST solution to avoid production server downtime due to these types of scans?

    A. Transition from centralized to agent-based scans.
    B. Require vulnerability scans be performed by trained personnel.
    C. Configure daily-automated detailed vulnerability reports.
    D. Implement sandboxing to analyze the results of each scan.
    E. Scan only as required for regulatory compliance.

  • Question 950:

    A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further investigation?

    A. Data carving
    B. Timeline construction
    C. File cloning
    D. Reverse engineering
