Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Apr 09, 2025

CompTIA Certifications CS0-002 Questions & Answers

  • Question 231:

    An organization subscribes to multiple third-party security intelligence feeds. It receives a notification from one of these feeds indicating a zero-day malware attack is impacting the SQL server prior to SP 2. The notification also indicates that infected systems attempt to communicate to external IP addresses on port 2718 to download additional payload. After consulting with the organization's database administrator, it is determined that there are several SQL servers that are still on SP 1, and none of the SQL servers would normally communicate over port 2718. Which of the following is the BEST mitigation step to implement until the SQL servers can be upgraded to SP 2 with minimal impact to the network?

    A. Create alert rules on the IDS for all outbound traffic on port 2718 from the IP addresses of the SQL servers running SQL SP 1

    B. On the organization's firewalls, create a new rule that blocks outbound traffic on port 2718 from the IP addresses of the servers running SQL SP 1

    C. Place all the SQL servers running SP 1 on a separate subnet. On the firewalls, create a new rule blocking connections to destination addresses external to the organization's network

    D. On the SQL servers running SP 1, install vulnerability scanning software

  • Question 232:

    A cybersecurity analyst is investigating an incident report concerning a specific user workstation. The workstation is exhibiting high CPU and memory usage, even when first started, and network bandwidth usage is extremely high. The user reports that applications crash frequently, despite the fact that no significant changes in work habits have occurred. An antivirus scan reports no known threats. Which of the following is the MOST likely reason for this?

    A. Advanced persistent threat

    B. Zero day

    C. Trojan

    D. Logic bomb

  • Question 233:

    During a tabletop exercise, it is determined that a security analyst is required to ensure patching and scan reports are available during an incident, as well as documentation of all critical systems. To which of the following stakeholders should the analyst provide the reports?

    A. Management

    B. Affected vendors

    C. Security operations

    D. Legal

  • Question 234:

    The Chief Information Security Officer (CISO) has decided that all accounts with elevated privileges must use a longer, more complicated passphrase instead of a password. The CISO would like to formally document management's intent to set this control level. Which of the following is the appropriate means to achieve this?

    A. A control

    B. A standard

    C. A policy

    D. A guideline

  • Question 235:

    During a physical penetration test at a client site, a local law enforcement officer stumbled upon the test and questioned the legitimacy of the team.

    Which of the following information should be shown to the officer?

    A. Letter of engagement

    B. Scope of work

    C. Timing information

    D. Team reporting

  • Question 236:

    A security analyst is performing a stealth black-box audit of the local WiFi network and is running a wireless sniffer to capture local WiFi network traffic from a specific wireless access point. The SSID is not appearing in the sniffing logs of the local wireless network traffic. Which of the following is the best action that should be performed NEXT to determine the SSID?

    A. Set up a fake wireless access point

    B. Power down the wireless access point

    C. Deauthorize users of that access point

    D. Spoof the MAC addresses of adjacent access points

  • Question 237:

    An analyst is detecting Linux machines on a Windows network. Which of the following tools should be used to detect a computer operating system?

    A. whois

    B. netstat

    C. nmap

    D. nslookup

  • Question 238:

    A security analyst has performed various scans and found vulnerabilities in several applications that affect production data. Remediation of all exploits may cause certain applications to no longer work. Which of the following activities would need to be conducted BEFORE remediation?

    A. Fuzzing

    B. Input validation

    C. Change control

    D. Sandboxing

  • Question 239:

    An application contains the following log entries in a file named "authlog.log":

    A security analyst has been asked to parse the log file and print out all valid usernames. Which of the following achieves this task?

    A. grep -e "successfully" authlog.log | awk '{print $2}' | sed s/\'//g

    B. cat authlog.log | grep "2016-01-01" | echo "valid username found: $2"

    C. echo authlog.log > sed 's/User//' | print "username exists: $User"

    D. cat "authlog.log" | grep "User" | cut -F' ' | echo "username exists: $1"

  • Question 240:

    A technician is troubleshooting a desktop computer with low disk space. The technician reviews the following information snippets:

    Which of the following should the technician do to BEST resolve the issue based on the above information? (Choose two.)

    A. Delete the movies/movies directory

    B. Disable the movieDB service

    C. Enable OS auto updates

    D. Install a file integrity tool

    E. Defragment the disk
