CompTIA CompTIA Certifications CS0-002 Questions & Answers

• Question 151:

  During a review of vulnerability scan results, an analyst determines the results may be flawed because a control-baseline system, which is used to evaluate a scanning tool's effectiveness, was reported as not vulnerable. Consequently, the analyst verifies the scope of the scan included the control-baseline host, which was available on the network during the scan. The use of a control-baseline endpoint in this scenario assists the analyst in confirming:

  A. verification of mitigation.

  B. false positives.

  C. false negatives.

  D. the criticality index.

  E. hardening validation.

  Correct Answer: C

  https://www.examtopics.com/discussions/comptia/view/53829-exam-cs0-002-topic-1-question-145-discussion/

• Question 152:

  Which of the following sources would a security analyst rely on to provide relevant and timely threat information concerning the financial services industry?

  A. Real-time and automated firewall rules subscriptions

  B. Open-source intelligence, such as social media and blogs

  C. Information sharing and analysis membership

  D. Common vulnerability and exposure bulletins

  Correct Answer: C

• Question 153:

  The Chief Information Officer (CIO) for a large manufacturing organization has noticed a significant number of unknown devices with possible malware infections are on the organization's corporate network. Which of the following would work BEST to prevent the issue?

  A. Reconfigure the NAC solution to prevent access based on a full device profile and ensure antivirus is installed.

  B. Segment the network to isolate all systems that contain highly sensitive information, such as intellectual property.

  C. Implement certificate validation on the VPN to ensure only employees with the certificate can access the company network.

  D. Update the antivirus configuration to enable behavioral and real-time analysis on all systems within the network.

  Correct Answer: A

• Question 154:

  A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output:

  

  Which of the following is the MOST likely reason for this vulnerability?

  A. The developer set input validation protection on the specific field of search.aspx.

  B. The developer did not set proper cross-site scripting protections in the header.

  C. The developer did not implement default protections in the web application build.

  D. The developer did not set proper cross-site request forgery protections.

  Correct Answer: A

• Question 155:

  An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?

  A. Pause the virtual machine,

  B. Shut down the virtual machine.

  C. Take a snapshot of the virtual machine.

  D. Remove the NIC from the virtual machine.

  Correct Answer: A

  Enumeration is the process of discovering and listing information. Network enumeration is the process of discovering pieces of information that might be helpful in a network attack or compromise. There are several techniques used to perform enumeration and several tools that make the process easier for both testers and attackers. Let's take a look at these techniques and tools.

• Question 156:

  Which of the following session management techniques will help to prevent a session identifier from being stolen via an XSS attack?

  A. Ensuring the session identifier length is sufficient

  B. Creating proper session identifier entropy

  C. Applying a secure attribute on session cookies

  D. Utilizing transport layer encryption on all requests

  E. Implementing session cookies with the HttpOnly flag

  Correct Answer: B

• Question 157:

  The Chief Executive Officer (CEO) of a large insurance company has reported phishing emails that contain malicious links are targeting the entire organization. Which of the following actions would work BEST to prevent against this type of attack?

  A. Turn on full behavioral analysis to avert an infection.

  B. Implement an EDR mail module that will rewrite and analyze email links.

  C. Reconfigure the EDR solution to perform real-time scanning of all files.

  D. Ensure EDR signatures are updated every day to avert infection.

  E. Modify the EDR solution to use heuristic analysis techniques for malware.

  Correct Answer: B

• Question 158:

  A forensic analyst took an image of a workstation that was involved in an incident To BEST ensure the image is not tampered with me analyst should use:

  A. hashing

  B. backup tapes

  C. a legal hold

  D. chain of custody.

  Correct Answer: A

• Question 159:

  When reviewing a compromised authentication server, a security analyst discovers the following hidden file:

  

  Further analysis shows these users never logged in to the server.

  Which of the following types of attacks was used to obtain the file and what should the analyst recommend to prevent this type of attack from reoccurring?

  A. A rogue LDAP server is installed on the system and is connecting passwords. The analyst should recommend wiping and reinstalling the server.

  B. A password spraying attack was used to compromise the passwords. The analyst should recommend that all users receive a unique password.

  C. A rainbow tables attack was used to compromise the accounts. The analyst should recommend that future password hashes contains a salt.

  D. A phishing attack was used to compromise the account. The analyst should recommend users install endpoint protection to disable phishing links.

  Correct Answer: B

• Question 160:

  Employees of a large financial company are continuously being Infected by strands of malware that are not detected by EDR tools. When of the following Is the BEST security control to implement to reduce corporate risk while allowing employees to exchange files at client sites?

  A. MFA on the workstations

  B. Additional host firewall rules

  C. VDI environment

  D. Hard drive encryption

  E. Network access control F. Network segmentation

  Correct Answer: C