CompTIA CompTIA Certifications CS0-002 Questions & Answers

• Question 591:

  A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal.

  Which of the following is the BEST manner in which to dispose of the hardware appliance?

  A. Ensure the hardware appliance has the ability to encrypt the data before disposing of it.

  B. Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies.

  C. Return the hardware appliance to the vendor, as the vendor is responsible for disposal.

  D. Establish guidelines for the handling of sensitive information.

  Correct Answer: B

• Question 592:

  A security analyst is reviewing WAF logs and notes requests against the corporate website are increasing and starting to impact the performance of the web server. The security analyst queries the logs for requests that triggered an alert on the WAF but were not blocked.

  Which of the following possible TTP combinations might warrant further investigation? (Select TWO).

  A. Requests identified by a threat intelligence service with a bad reputation

  B. Requests sent from the same IP address using different user agents

  C. Requests blocked by the web server per the input sanitization

  D. Failed log-in attempts against the web application

  E. Requests sent by NICs with outdated firmware

  F. Existence of HTTP/501 status codes generated to the same IP address

  Correct Answer: BF

• Question 593:

  Which of the following can detect vulnerable third-party libraries before code deployment?

  A. Impact analysis

  B. Dynamic analysis

  C. Static analysis

  D. Protocol analysis

  Correct Answer: C

• Question 594:

  A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop.

  

  Which of the following processes will the security analyst Identify as the MOST likely indicator of system compromise given the processes running in Task Manager?

  A. Chrome.exe

  B. Word.exe

  C. Explorer.exe

  D. mstsc.exe

  E. taskmgr.exe

  Correct Answer: D

• Question 595:

  During an Incident, it Is determined that a customer database containing email addresses, first names, and last names was exfiltrated. Which ot the following should the security analyst do NEXT?

  A. Consult with the legal department for regulatory impact.

  B. Encrypt the database with available tools.

  C. Email the customers to inform them of the breach.

  D. Follow the incident communications process.

  Correct Answer: D

• Question 596:

  The security team decides to meet informally to discuss and test the response plan for potential security breaches and emergency situations. Which of the following types of training will the security team perform?

  A. Tabletop exercise

  B. Red-team attack

  C. System assessment implementation

  D. Blue-team training

  E. White-team engagement

  Correct Answer: A

  A tabletop exercise is a type of training used to assess an organization's preparedness in responding to emergencies and security breaches. It involves discussing various scenarios and simulating how the organization would react in each situation. https://www.comptia.org/content/tabletop-exercises.

• Question 597:

  An organization's Cruel Information Security Officer is concerned the proper control are not in place to identify a malicious insider.

  Which of the following techniques would be BEST to identify employees who attempt to steal data or do harm to the organization?

  A. Place a text file named Passwords txt on the local file server and create a SIEM alert when the file is accessed

  B. Segment the network so workstations are segregated from servers and implement detailed logging on the jumpbox

  C. Perform a review of all users with privileged access and monitor web activity logs from the organization's pfoxy

  D. Analyze logs to determine if a user is consuming large amounts of bandwidth at odd hours ol the day

  Correct Answer: D

• Question 598:

  An organization has the following policies:

  1.

  Services must run on standard ports.

  2.

  Unneeded services must be disabled.

  The organization has the following servers:

  192.168.10.1 - web server

  192.168.10.2 - database server

  A security analyst runs a scan on the servers and sees the following output:

  

  Which of the following actions should the analyst take?

  A. Disable HTTPS on 192.168.10.1.

  B. Disable IIS on 192.168.10.1.

  C. Disable DNS on 192.168.10.2.

  D. Disable MSSQL on 192.168.10.2.

  E. Disable SSH on both servers.

  Correct Answer: C

• Question 599:

  Forming a hypothesis, looking for indicators of compromise, and using the findings to proactively improve detection capabilities are examples of the value of:

  A. vulnerability scanning.

  B. threat hunting.

  C. red learning.

  D. penetration testing.

  Correct Answer: B

• Question 600:

  During a review of the vulnerability scan results on a server, an information security analyst notices the following:

  

  The MOST appropriate action for the analyst to recommend to developers is to change the web server so:

  A. It only accepts TLSvl 2

  B. It only accepts cipher suites using AES and SHA

  C. It no longer accepts the vulnerable cipher suites

  D. SSL/TLS is offloaded to a WAF and load balancer

  Correct Answer: C