Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Apr 17, 2025

CompTIA Certifications CS0-002 Questions & Answers

  • Question 601:

    During a routine review of service restarts, a security analyst observes the following in a server log:

    Which of the following is the GREATEST security concern?

    A. The daemon's binary was changed

    B. Four consecutive days of monitoring are skipped in the log

    C. The process identifiers for the running service change

    D. The PIDs are continuously changing

  • Question 602:

    When investigating a report of a system compromise, a security analyst views the following /var/log/secure log file:

    Which of the following can the analyst conclude from viewing the log file?

    A. The comptia user knows the sudo password.

    B. The comptia user executed the sudo su command.

    C. The comptia user knows the root password.

    D. The comptia user added himself or herself to the /etc/sudoers file.

  • Question 603:

    During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products.

    Which of the following would be the BEST way to locate this issue?

    A. Reduce the session timeout threshold

    B. Deploy MFA for access to the web server

    C. Implement input validation

    D. Run a static code scan

  • Question 604:

    A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes?

    A. Internal management review

    B. Control assessment

    C. Tabletop exercise

    D. Peer review

  • Question 605:

    Which of the following techniques can be implemented to safeguard the confidentiality of sensitive information while allowing limited access to authorized individuals?

    A. Deidentification

    B. Hashing

    C. Masking

    D. Salting

  • Question 606:

    A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report:

    Which of the following BEST describes what the analyst just found?

    A. Users 4 and 5 are using their credentials to transfer files to multiple servers.

    B. Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers in the cloud.

    C. An unauthorized user is using login credentials in a script.

    D. A bot is running a brute-force attack in an attempt to log in to the domain.

  • Question 607:

    A product security analyst has been assigned to evaluate and validate a new product's security capabilities. Part of the evaluation involves reviewing design changes at specific intervals for security deficiencies, recommending changes, and checking for changes at the next checkpoint.

    Which of the following BEST defines the activity being conducted?

    A. User acceptance testing

    B. Stress testing

    C. Code review

    D. Security regression testing

  • Question 608:

    A new variant of malware is spreading on the company network using TCP 443 to contact its command-and-control server. The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance.

    Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

    A. Implement a sinkhole with a high entropy level

    B. Disable TCP/53 at the perimeter firewall

    C. Block TCP/443 at the edge router

    D. Configure the DNS forwarders to use recursion

  • Question 609:

    Due to continued support of legacy applications, an organization's enterprise password complexity rules are inadequate for its required security posture. Which of the following is the BEST compensating control to help reduce authentication compromises?

    A. Smart cards

    B. Multifactor authentication

    C. Biometrics

    D. Increased password-rotation frequency

  • Question 610:

    A security analyst observes a large amount of scanning activity coming from an IP address outside the organization's environment. Which of the following should the analyst do to block this activity?

    A. Create an IPS rule to block the subnet.

    B. Sinkhole the IP address.

    C. Create a firewall rule to block the IP address.

    D. Close all unnecessary open ports.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.