CompTIA CS0-002 Online Practice Questions and Exam Preparation

CompTIA CS0-002 Online Questions & Answers

• Question 961:

  An organization used a third party to conduct a security audit and discovered several deficiencies in the cybersecurity program. The findings noted many external vulnerabilities that were not caught by the vulnerability scanning software, numerous weaknesses that allowed lateral movement, and gaps in monitoring that did not detect the activity of the auditors. Based on these findings, which of the following would be the BEST long-term enhancement to the security program?

  A. Quarterly external penetration testing
  B. Monthly tabletop scenarios
  C. Red-team exercises
  D. Audit exercises
  D. Audit exercises

• Question 962:

  A security analyst has determined the security team should take action based on the following log:

  

  Which of the following should be used to improve the security posture of the system?

  A. Enable login account auditing.
  B. Limit the number of unsuccessful login attempts.
  C. Upgrade the firewalls.
  D. Increase password complexity requirements.
  B. Limit the number of unsuccessful login attempts.

• Question 963:

  A security analyst receives a mobile device with symptoms of a virus infection. The virus is morphing whenever it is from sandbox to sandbox to analyze. Which of the following will help to identify the number of variations through the analysis life cycle?

  A. Journaling
  B. Hashing utilities
  C. Log viewers
  D. OS and process analysis
  D. OS and process analysis

• Question 964:

  The Chief Information Security Officer (CISO) has decided that all accounts with elevated privileges must use a longer, more complicated passphrase instead of a password. The CISO would like to formally document management's intent to set this control level. Which of the following is the appropriate means to achieve this?

  A. A control
  B. A standard
  C. A policy
  D. A guideline
  C. A policy

• Question 965:

  After completing a vulnerability scan, the following output was noted:

  

  Which of the following vulnerabilities has been identified?

  A. PKI transfer vulnerability.
  B. Active Directory encryption vulnerability.
  C. Web application cryptography vulnerability.
  D. VPN tunnel vulnerability.
  C. Web application cryptography vulnerability.

• Question 966:

  The board of directors made the decision to adopt a cloud-first strategy. The current security infrastructure was designed for on-premises implementation. A critical application that is subject to the Federal Information Security Management Act (FISMA) of 2002 compliance has been identified as a candidate for a hybrid cloud deployment model. Which of the following should be conducted FIRST?

  A. Develop a request for proposal.
  B. Perform a risk assessment.
  C. Review current security controls.
  D. Review the SLA for FISMA compliance.
  C. Review current security controls.

• Question 967:

  A system's authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:

  

  Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

  A. Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.
  B. Accept this risk for now because this is a "high" severity, but testing will require more than the four days available, and the system ATO needs to be competed.
  C. Ignore it. This is false positive, and the organization needs to focus its efforts on other findings.
  D. Ensure HTTP validation is enabled by rebooting the server.
  A. Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.

• Question 968:

  SIMULATION

  Part1-AppServ4

  You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not. The company's hardening guidelines indicate the following:

  1. TLS 1.2 is the only version of TLS running.

  2. Apache 2.4.18 or greater should be used.

  3. Only default ports should be used.

  INSTRUCTIONS

  Using the supplied data, record the status of compliance with the company's guidelines for each server.

  The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

  

  Hot Area:

  

  

  ---

  Explanation/Reference:

  AppServ4 is using TLS.1.2 and Apache 2.4.18 or greater (check 2 boxes)

• Question 969:

  An organization has not had an incident for several month. The Chief information Security Officer (CISO) wants to move to proactive stance for security investigations. Which of the following would BEST meet that goal?

  A. Root-cause analysis
  B. Active response
  C. Advanced antivirus
  D. Information-sharing community
  E. Threat hunting
  E. Threat hunting

• Question 970:

  As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)

  A. Timing of the scan
  B. Contents of the executive summary report
  C. Excluded hosts
  D. Maintenance windows
  E. IPS configuration
  F. Incident response policies
  A. Timing of the scan
  C. Excluded hosts