Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Apr 09, 2025

CompTIA Certifications CS0-002 Questions & Answers

  • Question 251:

    A corporation has implemented an 802.1X wireless network using self-signed certificates. Which of the following represents a risk to wireless users?

    A. Buffer overflow attacks

    B. Cross-site scripting attacks

    C. Man-in-the-middle attacks

    D. Denial of service attacks

  • Question 252:

    An organization has recently found some of its sensitive information posted to a social media site. An investigation has identified large volumes of data leaving the network with the source traced back to host 192.168.1.13. An analyst performed a targeted Nmap scan of this host with the results shown below:

    Subsequent investigation has allowed the organization to conclude that all of the well-known, standard ports are secure. Which of the following services is the problem?

    A. winHelper

    B. ssh

    C. rpcbind

    D. timbuktu-serv1

    E. mysql

  • Question 253:

    A SIEM alert occurs with the following output:

    Which of the following BEST describes this alert?

    A. The alert is a false positive; there is a device with dual NICs

    B. The alert is valid because IP spoofing may be occurring on the network

    C. The alert is a false positive; both NICs are of the same brand

    D. The alert is valid because there may be a rogue device on the network

  • Question 254:

    An analyst is examining a system that is suspected of being involved in an intrusion. The analyst uses the command `cat /etc/passwd' and receives the following partial output:

    Based on the above output, which of the following should the analyst investigate further?

    A. User `daemon' should not have a home directory of /usr/sbin

    B. User `root' should not have a home directory of /root

    C. User `news' should not have a default shell of /bin/bash

    D. User `mail' should not have a default shell of /usr/sbin/nologin

  • Question 255:

    A security analyst wants to confirm a finding from a penetration test report on the internal web server. To do so, the analyst logs into the web server using SSH to send the request locally. The report provides a link to https://hrserver.internal/../../etc/passwd, and the server IP address is 10.10.10.15.

    However, after several attempts, the analyst cannot get the file, despite attempting to get it using different ways, as shown below.

    Which of the following would explain this problem? (Choose two.)

    A. The web server uses SNI to check for a domain name

    B. Requests can only be sent remotely to the web server

    C. The password file is write protected

    D. The web service has not started

  • Question 256:

    Due to a security breach initiated from South America, the Chief Security Officer (CSO) instructed a team to design and implement an appropriate security control to prevent such an attack from reoccurring. The company has sales and consulting teams across the United States that need access to company resources. The security manager implemented a location-based authentication to prevent non-US-based access to the company networks. Three months later, the same incident reoccurred with an attack originating from a country in Asia. Which of the following security design defects could be the cause?

    A. The team did not account for the VPN access and did not ensure non-repudiation

    B. The company just replaced a firewall that had a DDoS vulnerability

    C. The sales and support teams are reusing the same passwords for their personal accounts, such as banking and email

    D. The hackers left a backdoor within the company networks that was not cleaned successfully

  • Question 257:

    A user received an invalid password response when trying to change the password. Which of the following policies could explain why the password is invalid?

    A. Access control policy

    B. Account management policy

    C. Password policy

    D. Data ownership policy

  • Question 258:

    A security analyst is conducting traffic analysis following a potential web server breach. The analyst wants to investigate client-side server errors.

    Which of the following lines of this query output should be investigated further?

    B. 2

    C. 3

    D. 4

  • Question 259:

    An organization recently had its strategy posted to a social media website. The document posted to the website is an exact copy of a document stored on only one server in the organization. A security analyst sees the following output from a command-line entry on the server suspected of the problem:

    Which of the following would be the BEST course of action?

    A. Remove the malware associated with PID 773

    B. Monitor all the established TCP connections for data exfiltration

    C. Investigate the malware associated with PID 123

    D. Block all TCP connections at the firewall

    E. Figure out which of the Firefox processes is the malware

  • Question 260:

    An organization has had problems with security teams remediating vulnerabilities that are either false positives or are not applicable to the organization's servers. Management has put emphasis on security teams conducting detailed analysis and investigation before conducting any remediation.

    The output from a recent Apache web server scan is shown below:

    The team performs some investigation and finds this statement from Apache on 07/02/2008:

    "Fixed in Apache HTTP server 2.2.6, 2.0.61, and 1.3.39"

    Which of the following conditions would require the team to perform remediation on this finding?

    A. The organization is running version 2.2.6 and has ExtendedStatus enabled

    B. The organization is running version 2.0.59 and is not using a public-server-status page

    C. The organization is running version 1.3.39 and is using a public-server-status page

    D. The organization is running version 2.0.5 and has ExtendedStatus enabled

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.