CompTIA CompTIA Certifications CS0-002 Questions & Answers

• Question 941:

  A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues patch management in the environment and expects a large number of findings. Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?

  A. Create an SLA stating that remediation actions must occur within 30 days of discovery for all levels of vulnerabilities.

  B. Incorporate prioritization levels into the remediation process and address critical findings first.

  C. Create classification criteria for data residing on different servers and provide remediation only for servers housing sensitive data.

  D. Implement a change control policy that allows the security team to quickly deploy patches in the production environment to reduce the risk of any vulnerabilities found.

  Correct Answer: B

• Question 942:

  Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?

  A. Reverse engineering

  B. Fuzzing

  C. Penetration testing

  D. Network mapping

  Correct Answer: C

• Question 943:

  A company just chose a global software company based in Europe to implement a new supply chain management solution. Which of the following would be the MAIN concern of the company?

  A. Violating national security policy

  B. Packet injection

  C. Loss of intellectual property

  D. International labor laws

  Correct Answer: A

• Question 944:

  An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message In addition to retraining the employee, which of the following would prevent this from happening in the future?

  A. Implement outgoing filter rules to quarantine messages that contain card data

  B. Configure the outgoing mail filter to allow attachments only to addresses on the whitelist

  C. Remove all external recipients from the employee's address book

  D. Set the outgoing mail filter to strip spreadsheet attachments from all messages.

  Correct Answer: A

• Question 945:

  A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the

  future.

  Which of the following would be the BEST solution to recommend to the director?

  A. Install a data loss prevention system, and train human resources employees on its use. Provide PII training to all employees at the company. Encrypt PII information.

  B. Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.

  C. Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.

  D. Install specific equipment to create a human resources policy that protects PII data. Train company employees on how to handle PII data. Outsource all PII to another company. Send the human resources director to training for PII handling.

  Correct Answer: A

• Question 946:

  An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds. Which of the following can be inferred from this activity?

  A. 10.200.2.0/24 is infected with ransomware.

  B. 10.200.2.0/24 is not routable address space.

  C. 10.200.2.5 is a rogue endpoint.

  D. 10.200.2.5 is exfiltrating data.

  Correct Answer: D

• Question 947:

  A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:

  

  Based on the output, which of the following services should be further tested for vulnerabilities?

  A. SSH

  B. HTTP

  C. SMB

  D. HTTPS

  Correct Answer: A

• Question 948:

  Ransomware is identified on a company's network that affects both Windows and MAC hosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1. Iholdbadkeys.com, which resolves to IP address 72.172.16.2. Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

  A. Block all outbound traffic to web host good1 iholdbadkeys.com at the border gateway.

  B. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.

  C. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.

  D. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.

  Correct Answer: A

• Question 949:

  Which of the following is the BEST way to share incident-related artifacts to provide non-repudiation?

  A. Secure email

  B. Encrypted USB drives

  C. Cloud containers

  D. Network folders

  Correct Answer: B

• Question 950:

  A security analyst has a sample of malicious software and needs to know what the sample does? The analyst runs the sample in a carefully controlled and monitored virtual machine to observe the software behavior. Which of the following malware analysis approaches is this?

  A. White box testing

  B. Fuzzing

  C. Sandboxing

  D. Static code analysis

  Correct Answer: C