CompTIA CompTIA Certifications CS0-002 Questions & Answers

• Question 851:

  A security analyst is reviewing the following log entries to identify anomalous activity:

  

  Which of the following attack types is occurring?

  A. Directory traversal

  B. SQL injection

  C. Buffer overflow

  D. Cross-site scripting

  Correct Answer: A

• Question 852:

  An analyst performs a routine scan of a host using Nmap and receives the following output:

  

  Which of the following should the analyst investigate FIRST?

  A. Port 21

  B. Port 22

  C. Port 23

  D. Port 80

  Correct Answer: C

• Question 853:

  Which of the following is the MOST important objective of a post-incident review?

  A. Capture lessons learned and improve incident response processes

  B. Develop a process for containment and continue improvement efforts

  C. Identify new technologies and strategies to remediate

  D. Identify a new management strategy

  Correct Answer: A

• Question 854:

  An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:

  

  Which of the following should be the focus of the investigation?

  A. webserver.org-dmz.org

  B. sftp.org-dmz.org

  C. 83hht23.org-int.org

  D. ftps.bluemed.net

  Correct Answer: A

• Question 855:

  A cybersecurity analyst is responding to an incident. The company's leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

  A. Intelligence cycle

  B. Diamond Model of Intrusion Analysis

  C. Kill chain

  D. MITRE ATTandCK

  Correct Answer: B

• Question 856:

  Which of the following will allow different cloud instances to share various types of data with a minimal amount of complexity?

  A. Reverse engineering

  B. Application log collectors

  C. Workflow orchestration

  D. API integration

  E. Scripting

  Correct Answer: D

• Question 857:

  An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?

  A. A simulated breach scenario involving the incident response team

  B. Completion of annual information security awareness training by all employees

  C. Tabletop activities involving business continuity team members

  D. Completion of lessons-learned documentation by the computer security incident response team

  E. External and internal penetration testing by a third party

  Correct Answer: A

• Question 858:

  Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

  A. It automatically performs remedial configuration changes to enterprise security services

  B. It enables standard checklist and vulnerability analysis expressions for automation

  C. It establishes a continuous integration environment for software development operations

  D. It provides validation of suspected system vulnerabilities through workflow orchestration

  Correct Answer: B

• Question 859:

  Which of the following software assessment methods would be BEST for gathering data related to an application's availability during peak times?

  A. Security regression testing

  B. Stress testing

  C. Static analysis testing

  D. Dynamic analysis testing

  E. User acceptance testing

  Correct Answer: B

• Question 860:

  An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?

  A. Root-cause analysis

  B. Active response

  C. Advanced antivirus

  D. Information-sharing community

  E. Threat hunting

  Correct Answer: E