CompTIA CompTIA Certifications CS0-002 Questions & Answers

• Question 961:

  A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?

  A. Review the firewall logs.

  B. Review syslogs from critical servers.

  C. Perform fuzzing.

  D. Install a WAF in front of the application server.

  Correct Answer: B

• Question 962:

  Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having plenty of space recently. Ann

  claims she not downloaded anything. The security team obtains the laptop and begins to investigate, noting the following:

  File access auditing is turned off.

  When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling up the available drive space. All processes running appear to be legitimate

  processes for this user and machine. Network traffic spikes when the space is cleared on the laptop.

  No browser is open.

  Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

  A. Delete the temporary files, run an Nmap scan, and utilize Burp Suite.

  B. Disable the network connection, check Sysinternals Process Explorer, and review netstat output.

  C. Perform a hard power down of the laptop, take a dd image, and analyze with FTK.

  D. Review logins to the laptop, search Windows Event Viewer, and review Wireshark captures.

  Correct Answer: B

• Question 963:

  A system's authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:

  

  Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

  A. Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.

  B. Accept this risk for now because this is a "high" severity, but testing will require more than the four days available, and the system ATO needs to be competed.

  C. Ignore it. This is false positive, and the organization needs to focus its efforts on other findings.

  D. Ensure HTTP validation is enabled by rebooting the server.

  Correct Answer: A

• Question 964:

  A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have

  provided.

  Which of the following data privacy standards does this violate?

  A. Purpose limitation

  B. Sovereignty

  C. Data minimization

  D. Retention

  Correct Answer: A

  Reference: http://www.isitethical.eu/portfolio-item/purpose-limitation/

• Question 965:

  A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would MOST likely indicate if the email is malicious?

  A. sha256sum ~/Desktop/file.pdf

  B. file ~/Desktop/file.pdf

  C. strings ~/Desktop/file.pdf | grep "

  D. cat < ~/Desktop/file.pdf | grep -i .exe

  Correct Answer: C

  C - - strings ~/Desktop/file.pdf | grep "

  Explanation: The strings command is used to extract the human-readable strings from a binary file, such as a PDF document. By piping the output of the strings command to the grep command with the -i flag, the security analyst can search for specific keywords or phrases that are commonly used in malicious PDF documents, such as "malware" or "Trojan." This will allow the analyst to quickly identify potential indicators of malicious activity in the PDF document.

• Question 966:

  A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet. Which of the following solutions would meet this requirement?

  A. Establish a hosted SSO.

  B. Implement a CASB.

  C. Virtualize the server.

  D. Air gap the server.

  Correct Answer: D

• Question 967:

  A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:

  

  Which of the following describes the output of this scan?

  A. The analyst has discovered a False Positive, and the status code is incorrect providing an OK message.

  B. The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.

  C. The analyst has discovered a True Positive, and the status code is incorrect providing a forbidden message.

  D. The analyst has discovered a False Positive, and the status code is incorrect providing a server error message.

  Correct Answer: B

• Question 968:

  A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.

  Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

  A. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.

  B. Remove the servers reported to have high and medium vulnerabilities.

  C. Tag the computers with critical findings as a business risk acceptance.

  D. Manually patch the computers on the network, as recommended on the CVE website.

  E. Harden the hosts on the network, as recommended by the NIST framework.

  F. Resolve the monthly job issues and test them before applying them to the production network.

  Correct Answer: AF

• Question 969:

  A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality. Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?

  A. Deidentification

  B. Encoding

  C. Encryption

  D. Watermarking

  Correct Answer: A

• Question 970:

  An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented. Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

  A. Create three separate cloud accounts for each environment. Configure account peering and security rules to allow access to and from each environment.

  B. Create one cloud account with one VPC for all environments. Purchase a virtual firewall and create granular security rules.

  C. Create one cloud account and three separate VPCs for each environment. Create security rules to allow access to and from each environment.

  D. Create three separate cloud accounts for each environment and a single core account for network services. Route all traffic through the core account.

  Correct Answer: C