Best CompTIA CS0-002 2022 Training With 497 QA's [Q213-Q232]

Share

Best CompTIA CS0-002 2022 Training With 497 QA's

CompTIA CS0-002 Certification Exam Questions

NEW QUESTION 213
A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is therefore required to build a forensics kit with tools to support chip-off analysis. Which of the following tools would BEST meet this requirement?

  • A. Last-level cache readers
  • B. ZIF adapters
  • C. Write-blockers
  • D. JTAG adapters

Answer: D

 

NEW QUESTION 214
Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

  • A. It enables standard checklist and vulnerability analysis expressions for automation
  • B. It establishes a continuous integration environment for software development operations
  • C. It provides validation of suspected system vulnerabilities through workflow orchestration
  • D. It automatically performs remedial configuration changes to enterprise security services

Answer: A

 

NEW QUESTION 215
A vulnerability scan has returned the following information:

Which of the following describes the meaning of these results?

  • A. Connecting to the host using a null session allows enumeration of share names.
  • B. There is an unknown bug in a Lotus server with no Bugtraq ID.
  • C. Trend Micro has a known exploit that must be resolved or patched.
  • D. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

Answer: A

 

NEW QUESTION 216
A security analyst is reviewing IDS logs and notices the following entry:

Which of the following attacks is occurring?

  • A. Cross-site scripting
  • B. Header manipulation
  • C. XML injection
  • D. SQL injection

Answer: D

 

NEW QUESTION 217
An analyst is detecting Linux machines on a Windows network. Which of the following tools should be used to detect a computer operating system?

  • A. whois
  • B. nmap
  • C. nslookup
  • D. netstat

Answer: B

 

NEW QUESTION 218
An organization's network administrator uncovered a rogue device on the network that is emulating the charactenstics of a switch. The device is trunking protocols and inserting tagging va
the flow of traffic at the data link layer
Which of the following BEST describes this attack?

  • A. Spoofing
  • B. VLAN hopping
  • C. Injection attack
  • D. DNS pharming

Answer: B

 

NEW QUESTION 219
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.
Which of the following BEST describes this attack?

  • A. Array attack
  • B. Injection attack
  • C. Memory corruption
  • D. Denial of service

Answer: C

 

NEW QUESTION 220
Alerts have been received from the SIEM, indicating infections on multiple computers. Base on threat characteristics, these files were quarantined by the host-based antivirus program. At the same time, additional alerts in the SIEM show multiple blocked URLs from the address of the infected computers; the URLs were classified as uncategorized. The domain location of the IP address of the URLs that were blocked is checked, and it is registered to an ISP in Russia. Which of the following steps should be taken NEXT?

  • A. Remove those computers from the network and replace the hard drives. Send the infected hard drives out for investigation.
  • B. Install a computer with the same settings as the infected computers in the DMZ to use as a honeypot.
    Permit the URLs classified as uncategorized to and from that host.
  • C. Run a full antivirus scan on all computers and use Splunk to search for any suspicious activity that happened just before the alerts were received in the SIEM.
  • D. Run a vulnerability scan and patch discovered vulnerabilities on the next pathing cycle. Have the users restart their computers. Create a use case in the SIEM to monitor failed logins on the infected computers.

Answer: C

 

NEW QUESTION 221
A security analyst is deploying a new application in the environment. The application needs to be integrated with several existing applications that contain SPI Pnor to the deployment, the analyst should conduct:

  • A. a PCI assessment
  • B. an application stress test.
  • C. a tabletop exercise
  • D. a business impact analysis

Answer: D

 

NEW QUESTION 222
An organization has the following policies:
*Services must run on standard ports.
*Unneeded services must be disabled.
The organization has the following servers:
*192.168.10.1 - web server
*192.168.10.2 - database server
A security analyst runs a scan on the servers and sees the following output:

Which of the following actions should the analyst take?

  • A. Disable SSH on both servers.
  • B. Disable MSSQL on 192.168.10.2.
  • C. Disable HTTPS on 192.168.10.1.
  • D. Disable IIS on 192.168.10.1.
  • E. Disable DNS on 192.168.10.2.

Answer: E

 

NEW QUESTION 223
A Chief Executive Officer (CEO) is concerned about the company's intellectual property being leaked to competitors. The security team performed an extensive review but did not find any indication of an outside breach. The data sets are currently encrypted using the Triple Data Encryption Algorithm. Which of the following courses of action is appropriate?

  • A. Ensure the data is correctly classified and labeled, and that DLP rules are appropriate to prevent disclosure.
  • B. Limit all access to the sensitive data based on geographic access requirements with strict role-based access controls.
  • C. Use data tokenization on sensitive fields, reencrypt the data sets using AES-256, and then create an MD5 hash.
  • D. Enable data masking and reencrypt the data sets using AES-256.

Answer: A

 

NEW QUESTION 224
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

  • A. PC1
  • B. Server1
  • C. Firewall
  • D. Server2
  • E. PC2

Answer: E

 

NEW QUESTION 225
A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client. Which of the following is MOST likely inhibiting the remediation efforts?

  • A. There is a potential disruption of the vendor-client relationship
  • B. There is an SLA with the client that allows very little downtime
  • C. The parties have an MOU between them that could prevent shutting down the systems
  • D. Patches for the vulnerabilities have not been fully tested by the software vendor

Answer: B

 

NEW QUESTION 226
Which of the following describes why it is important for an organization's incident response team and legal department to meet and discuss communication processes during the incident response process?

  • A. To identify which group will communicate details to law enforcement in the event of a security incident
  • B. To ensure all parties know their roles and effective lines of communication are established
  • C. To predetermine what details should or should not be shared with internal or external parties in the event of an incident
  • D. To comply with existing organization policies and procedures on interacting with internal and external parties

Answer: D

 

NEW QUESTION 227
An analyst is reviewing a list of vulnerabilities, which were reported from a recent vulnerability scan of a Linux server.
Which of the following is MOST likely to be a false positive?

  • A. OpenSSH/OpenSSL Package Random Number Generator Weakness
  • B. Apache HTTP Server Byte Range DoS
  • C. GDI+ Remote Code Execution Vulnerability (MS08-052)
  • D. SSL Certificate Expiry
  • E. HTTP TRACE / TRACK Methods Allowed (002-1208)

Answer: C

 

NEW QUESTION 228
An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application The working hypothesis is as follows:
* Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target
* The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.
* The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SOL injection attacks Which of the following BEST represents the technique in use?

  • A. Profiling threat actors and activities
  • B. Reducing the attack surface area
  • C. Improving detection capabilities
  • D. Bundling critical assets

Answer: B

 

NEW QUESTION 229
A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

  • A. Someone has configured an unauthorized SMTP application over SSL
  • B. The server is receiving a secure connection using the new TLS 1.3 standard
  • C. The traffic is common static data that Windows servers send to Microsoft
  • D. A connection from the database to the web front end is communicating on the port

Answer: A

 

NEW QUESTION 230
Which of the following is MOST closely related to the concept of privacy?

  • A. An individual's control over personal information
  • B. The implementation of confidentiality, integrity, and availability
  • C. A policy implementing strong identity management processes
  • D. A system's ability to protect the confidentiality of sensitive information

Answer: A

 

NEW QUESTION 231
An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

  • A. Configure the systems with a cold site at another cloud provider that can be used for failover.
  • B. Duplicate all services in another instance and load balance between the instances.
  • C. Establish a hot site with active replication to another region within the same cloud provider.
  • D. Set up a warm disaster recovery site with the same cloud provider in a different region

Answer: B

 

NEW QUESTION 232
......

Quickly and Easily Pass CompTIA Exam with CS0-002 real Dumps: https://www.briandumpsprep.com/CS0-002-prep-exam-braindumps.html

Realistic CS0-002 Dumps Questions To Gain Brilliant Result: https://drive.google.com/open?id=1dufRokruRM7o_2tHm6PNE3D7FdWCOmpI