CompTIA CompTIA Certifications CS0-002 Questions & Answers

• Question 421:

  The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan.

  Which of the following actions should the analyst take?

  A. Reschedule the automated patching to occur during business hours.

  B. Monitor the web application service for abnormal bandwidth consumption.

  C. Create an incident ticket for anomalous activity.

  D. Monitor the web application for service interruptions caused from the patching.

  Correct Answer: C

• Question 422:

  There have been several exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis.

  Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?

  A. Asset inventory of all critical devices

  B. Vulnerability scanning frequency that does not interrupt workflow

  C. Daily automated reports of exploited devices

  D. Scanning of all types of data regardless of sensitivity levels

  Correct Answer: B

• Question 423:

  A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a small number of IP addresses.

  Which of the following would be the BEST action to take to support incident response?

  A. Increase the company's bandwidth.

  B. Apply ingress filters at the routers.

  C. Install a packet capturing tool.

  D. Block all SYN packets.

  Correct Answer: B

• Question 424:

  During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter:

  

  The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?

  A. Patch and restart the unknown service.

  B. Segment and firewall the controller's network.

  C. Disable the unidentified service on the controller.

  D. Implement SNMPv3 to secure communication.

  E. Disable TCP/UDP ports 161 through 163.

  Correct Answer: A

• Question 425:

  Which of the following is a feature of virtualization that can potentially create a single point of failure?

  A. Server consolidation

  B. Load balancing hypervisors

  C. Faster server provisioning

  D. Running multiple OS instances

  Correct Answer: A

• Question 426:

  An organization is attempting to harden its web servers and reduce the information that might be disclosed by potential attackers. A security analyst is reviewing vulnerability scan results from a recent web server scan.

  Portions of the scan results are shown below:

  

  Which of the following lines indicates information disclosure about the host that needs to be remediated?

  A. Response: :\Documents\MarySmith\mailingList.pdf

  B. Finding#5144322

  C. First Time Detected 10 Nov 2015 09:00 GMT-0600

  D. Access Path: http://myOrg.com/mailingList.htm

  E. Request: GET http://myOrg.com/mailingList.aspx?content=volunteer

  Correct Answer: A

• Question 427:

  While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:

  A. organizational control.

  B. service-level agreement.

  C. rules of engagement.

  D. risk appetite

  Correct Answer: C

• Question 428:

  A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web-server had been compromised by malware that originated from one of the contractor's laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?

  A. Create a restricted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.

  B. Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.

  C. Deploy an application layer firewall with network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.

  D. Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.

  E. Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network.

  Correct Answer: E

• Question 429:

  Which of the following stakeholders would need to be aware of an e-discovery notice received by the security office about an ongoing case within the manufacturing department?

  A. Board of trustees

  B. Human resources

  C. Legal

  D. Marketing

  Correct Answer: C

• Question 430:

  A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?

  A. Kali

  B. Splunk

  C. Syslog

  D. OSSIM

  Correct Answer: B