CompTIA CompTIA Certifications CS0-002 Questions & Answers

• Question 611:

  Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

  A. Logging and monitoring are not needed in a public cloud environment

  B. Logging and monitoring are done by the data owners

  C. Logging and monitoring duties are specified in the SLA and contract

  D. Logging and monitoring are done by the service provider

  Correct Answer: C

• Question 612:

  Which of the following solutions is the BEST method to prevent unauthorized use of an API?

  A. HTTPS

  B. Geofencing

  C. Rate liming

  D. Authentication

  Correct Answer: D

• Question 613:

  A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The Organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?

  A. Make sure the scan is credentialed, covers at hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.

  B. Make sure the scan is uncredentialed, covers at hosts in the patch management system, and Is scheduled during of business hours so it has the least impact on operations.

  C. Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system and is scheduled during off- business hours so it has the least impact on operations.

  D. Make sure the scan is credentialed, uses a ironed plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.

  Correct Answer: D

• Question 614:

  An analyst receives an alert from the continuous-monitoring solution about unauthorized changes to the firmware versions on several field devices. The asset owners confirm that no firmware version updates were performed by authorized technicians, and customers have not reported any performance issues or outages. Which Of the following actions would be BEST for the analyst to recommend to the asset owners to secure the devices from further exploitation?

  A. Change the passwords on the devices.

  B. Implement BIOS passwords.

  C. Remove the assets from the production network for analysis.

  D. Report the findings to the threat intel community.

  Correct Answer: C

  If were referring to other devices, yes - Implement BIOS passwords before they are compromised. But the ones that were already compromised, they need to be removed from the system to avoid further exploitation. Plus, if you put a password on there, the attacker may now have your password.

• Question 615:

  A company's Chief Information Officer wants to use a CASB solution to ensure policies are being met during cloud access. Due to the nature of the company's business and risk appetite, the management team elected to not store financial information in the cloud. A security analyst needs to recommend a solution to mitigate the threat of financial data leakage into the cloud. Which of the following should the analyst recommend?

  A. Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on premises.

  B. Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion.

  C. Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the cloud.

  D. Do not utilize the CASB solution for this purpose, but add DLP on premises for data at rest.

  Correct Answer: C

  "CASB solutions generally offer their own DLP policy engine, allowing you to configure DLP policies in a CASB and apply them to cloud services."

  https://www.mcafee.com/blogs/enterprise/cloud-security/how-a-casb-integrates-with-an-on- premises-dlp- solution/

• Question 616:

  An analyst is reviewing the output from some recent network enumeration activities. The following entry relates to a target on the network:

  

  Based on the above output, which Of the following tools or techniques is MOST likely being used?

  A. Web application firewall

  B. Port triggering

  C. Intrusion prevention system

  D. Port isolation

  E. Port address translation

  Correct Answer: A

  Filezilla ftpd and Microsoft IIS httpd 7.5 are running on ports 21 and 80, respectively.

• Question 617:

  A company's legal and accounting teams have decided it would be more cost-effective to offload the risks of data storage to a third party. The IT management team has decided to implement a cloud model and has asked the security team for recommendations. Which of the following will allow all data to be kept on the third-party network?

  A. VDI

  B. SaaS

  C. CASB

  D. FaaS

  Correct Answer: B

  Which of the follawing activities is designed to handle a control failure that leads to a breach? Risk assessment Incident management Root cause analysis Vulnerability management Software as a Service (SaaS) -Provides all the hardware, operating system, software, and applications needed for a complete application service to be delivered -Cloud service providers are responsible for the security of the platform and infrastructure -Consumers are responsible for application security, account provisioning, and authorizations

  Cloud Access Security Broker (CASB)

  -Enterprise management software designed to mediate access to cloud services by users across all types of devices Single sign-on Malware and rogue device detection Monitor/audit user activity Mitigate data exfiltration

  -Cloud Access Service Brokers provide visibility into how clients and another network nodes use cloud services Forward Proxy Reverse Proxy API

• Question 618:

  Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

  A. Security regression testing

  B. Code review

  C. User acceptance testing

  D. Stress testing

  Correct Answer: C

  "User acceptance testing (UAT) is the last phase of the software testing process. During UAT, actual software users test the software to make sure it can handle required tasks in real-world scenarios, according to specifications." https://www.plutora.com/blog/uat-user-acceptance-testing

• Question 619:

  A company's domain has been spooled in numerous phishing campaigns. An analyst needs to determine the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that

  fails DMARC upon review of the record, the analyst finds the following:

  v=DMARC1; p=none; fo=0; rua=mailto:[email protected]; ruf=mailto:[email protected]; adkim=r; rf=afrf; ri=86400;

  Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?

  A. The DMARC record's DKIM alignment tag Is incorrectly configured.

  B. The DMARC record's policy tag is incorrectly configured.

  C. The DMARC record does not have an SPF alignment tag.

  D. The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.

  Correct Answer: B

  To add more clarity here (I worked specifically in email security).

  It is not required to have an SPF alignment tag (ASPF tag).

  https://easydmarc.com/blog/what-are-dmarc-tags-dmarc-tags-explained/

  Even if you did have it, DMARC policy is in monitor only mode (p=none), so it wouldn't matter. The policy is never going to be enforced until you move it to p=quarantine at the minimum (very few orgs actually hit a p=reject stage, it's incredibly

  difficult).

• Question 620:

  A help desk technician inadvertently sent the credentials of the company's CRM n clear text to an employee's personal email account. The technician then reset the employee's account using the appropriate process and the employee's corporate email, and notified the security team of the incident According to the incident response procedure, which of the following should the security team do NEXT?

  A. Contact the CRM vendor.

  B. Prepare an incident summary report.

  C. Perform postmortem data correlation.

  D. Update the incident response plan.

  Correct Answer: B