An internally developed file-monitoring system identified the following excerpt as causing a program to crash often:

    char filedata[100];
    fp = fopen("access.log", "r");
    strcpy(filedata, fp);
    printf("%s\n", filedata);

Which of the following should a security analyst recommend to fix the issue?
A. Open the access.log file in read/write mode.
B. Replace the strcpy function.
C. Perform input sanitization.
D. Increase the size of the filedata buffer.
A security analyst recently observed evidence of an attack against a company's web server. The analyst investigated the issue but was unable to find an exploit that adequately explained the observations.
Which of the following is the MOST likely cause of this issue?
A. The security analyst needs updated forensic analysis tools.
B. The security analyst needs more training on threat hunting and research.
C. The security analyst has potentially found a zero-day vulnerability that has been exploited.
D. The security analyst has encountered a polymorphic piece of malware.
An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosure of the incident to external entities should be based on:
A. the responder's discretion.
B. the public relations policy.
C. the communication plan.
D. the senior management team's guidance.
During an incident investigation, a security analyst discovers the web server is generating an unusually high volume of logs. The analyst observes the following response codes:
1. 20% of the logs are 403
2. 20% of the logs are 404
3. 50% of the logs are 200
4. 10% of the logs are other codes
The server generates 2MB of logs on a daily basis, and the current day log is over 200MB.
Which of the following commands should the analyst use to identify the source of the activity?
A. cat access_log | grep " 403 "
B. cat access_log | grep " 200 "
C. cat access_log | grep " 100 "
D. cat access_log | grep " 404 "
E. cat access_log | grep " 204 "
An organization's network administrator uncovered a rogue device on the network that is emulating the characteristics of a switch. The device is trunking protocols and inserting tagging values to control the flow of traffic at the data link layer. Which of the following BEST describes the attack?
A. DNS pharming
B. VLAN hopping
C. Spoofing
D. Injection attack
An organizational policy requires one person to input accounts payable and another to do accounts receivable. A separate control requires one person to write a check and another person to sign all checks greater than $5,000 and to get an additional signature for checks greater than $10,000.
Which of the following controls has the organization implemented?
A. Segregation of duties
B. Job rotation
C. Non-repudiation
D. Dual control
According to a static analysis report for a web application, a dynamic code evaluation script injection vulnerability was found. Which of the following actions is the BEST option to fix the vulnerability in the source code?
A. Delete the vulnerable section of the code immediately.
B. Create a custom rule on the web application firewall.
C. Validate user input before execution and interpretation.
D. Use parameterized queries.
An organization is adopting IoT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far, leaving hardware-related weaknesses open to compromise.
Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?
A. Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.
B. Apply all firmware updates as soon as they are released to mitigate the risk of compromise.
C. Determine an annual patch cadence to ensure all patching occurs at the same time.
D. Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.
A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?
A. True positive
B. True negative
C. False positive
D. False negative
A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material.
Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?
A. Add client addresses to the blocklist.
B. Update the DLP rules and metadata.
C. Sanitize the marketing material.
D. Update the insider threat procedures.