CompTIA CompTIA Certifications CS0-002 Questions & Answers

• Question 161:

  An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows:

  1.

  Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.

  2.

  The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.

  3.

  The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.

  As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?

  A. Improving detection capabilities

  B. Bundling critical assets

  C. Profiling threat actors and activities

  D. Reducing the attack surface area

  Correct Answer: D

• Question 162:

  In system hardening, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

  A. SCAP

  B. Burp Suite

  C. OWASP ZAP

  D. Unauthenticated

  Correct Answer: D

• Question 163:

  A security analyst for a large pharmaceutical company was given credentials from a threat intelligence resources organisation for Internal users, which contain usernames and valid passwords for company accounts. Which of the following is the FIRST action the analyst should take as part of security operations monitoring?

  A. Run scheduled antivirus scans on all employees' machines to look for malicious processes.

  B. Reimage the machines of all users within the group in case of a malware infection.

  C. Change all the user passwords to ensure the malicious actors cannot use them.

  D. Search the event logs for event identifiers that indicate Mimikatz was used.

  Correct Answer: C

• Question 164:

  A cybersecurity analyst is dissecting an intrusion down to the specific techniques and wants to organize them in a logical manner. Which of the following frameworks would BEST apply in this situation?

  A. Pyramid of Pain

  B. MITRE ATTandCK

  C. Diamond Model of Intrusion Analysts

  D. CVSS v3.0

  Correct Answer: B

• Question 165:

  A security analyst is reviewing a suspected phishing campaign that has targeted an organisation. The organization has enabled a few email security technologies in the last year: however, the analyst believes the security features are not working. The analyst runs the following command:

  > dig domain._domainkey.comptia.orq TXT

  Which of the following email protection technologies is the analyst MOST likely validating?

  A. SPF

  B. DNSSEC

  C. DMARC

  D. DKIM

  Correct Answer: D

• Question 166:

  A Chief Security Officer (CSO) is working on the communication requirements (or an organization's incident response plan. In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?

  A. Public relations must receive information promptly in order to notify the community.

  B. Improper communications can create unnecessary complexity and delay response actions.

  C. Organizational personnel must only interact with trusted members of the law enforcement community.

  D. Senior leadership should act as the only voice for the incident response team when working with forensics teams.

  Correct Answer: B

• Question 167:

  The Cruel Executive Officer (CEO) of a large insurance company has reported phishing emails that contain malicious links are targeting the entire organza lion Which of the following actions would work BEST to prevent against this type of attack?

  A. Turn on full behavioral analysis to avert an infection

  B. Implement an EOR mail module that will rewrite and analyze email links.

  C. Reconfigure the EDR solution to perform real-time scanning of all files

  D. Ensure EDR signatures are updated every day to avert infection.

  E. Modify the EDR solution to use heuristic analysis techniques for malware.

  Correct Answer: B

• Question 168:

  A security analyst is investigating an incident that appears to have started with SOL injection against a publicly available web application. Which of the following is the FIRST step the analyst should take to prevent future attacks?

  A. Modify the IDS rules to have a signature for SQL injection.

  B. Take the server offline to prevent continued SQL injection attacks.

  C. Create a WAF rule In block mode for SQL injection

  D. Ask the developers to implement parameterized SQL queries.

  Correct Answer: A

• Question 169:

  An analyst is reviewing the following output: Which of the following was MOST likely used to discover this?

  

  A. Reverse engineering using a debugger

  B. A static analysis vulnerability scan

  C. A passive vulnerability scan

  D. A web application vulnerability scan

  Correct Answer: D

• Question 170:

  An organization is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:

  

  Which of the following is the order of priority for risk mitigation from highest to lowest?

  A. A, B, C, D

  B. A, D, B, C

  C. B, C, A, D

  D. C, B, D, A

  E. D, A, C, B

  Correct Answer: B