[Oct 06, 2024] Latest CompTIA CS0-002 Exam Practice Test To Gain Brilliante Result [Q165-Q188]

QUESTION 165
A security analyst is auditing firewall rules with the goal of scanning some known ports to check the firewall’s behavior and responses. The analyst executes the following commands.
Which of the following BEST describes the firewall rule?

REJECT with –tcp-reset

DROP

LOG -log-tcp-sequence

DNAt -to-destination 1.1.1.1:3000

QUESTION 166
A security analyst has created an image of a drive from an incident.
Which of the following describes what the analyst should do NEXT?

The analyst should create a backup of the drive and then hash the drive.

The analyst should begin analyzing the image and begin to report findings.

The analyst should create a hash of the image and compare it to the original drive’s hash.

The analyst should create a chain of custody document and notify stakeholders.

QUESTION 167
A forensic analyst is conducting an investigation on a compromised server Which of the following should the analyst do first to preserve evidence”

Restore damaged data from the backup media

Create a system timeline

Monitor user access to compromised systems

Back up all log files and audit trails

QUESTION 168
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

ICMP is being blocked by a firewall.

The routing tables for ping and hping3 were different.

The original ping command needed root permission to execute.

hping3 is returning a false positive.

QUESTION 169
A security analyst is reviewing the following web server log:

Which of the following BEST describes the issue?

Directory traversal exploit

Cross-site scripting

SQL injection

Cross-site request forgery

QUESTION 170
A cybersecurity analyst wants to use ICMP ECHO_REQUEST on a machine while using Nmap.
Which of the following is the correct command to accomplish this?

$ nmap -E 192.168.1.7

$ ping –PE 192.168.1.7

$ nmap –traceroute 192.168.1.7

$ nmap -O 192.168.1.7

QUESTION 171
A security analyst recently discovered two unauthorized hosts on the campus’s wireless network segment from a man-m-the-middle attack.
The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices.
Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?

Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network,

Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.

Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network

Conduct a wireless survey to determine if the wireless strength needs to be reduced.

QUESTION 172
A cybersecurity analyst is supposing an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

Requirements analysis and collection planning

Containment and eradication

Recovery and post-incident review

Indicator enrichment and research pivoting

QUESTION 173
A pharmaceutical company’s marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.
Which of the following data privacy standards does this violate?

Purpose limitation

Sovereignty

Data minimization

Retention

QUESTION 174
An analyst determines a security incident has occurred Which of the following is the most appropnate NEXT step in an incident response plan?

Consult the malware analysis process

Consult the disaster recovery plan

Consult the data classification process

Consult the communications plan

QUESTION 175
An application contains the following log entries in a file named “authlog.log”:

A security analyst has been asked to parse the log file and print out all valid usernames. Which of the following achieves this task?

grep -e “successfully” authlog.log | awk ‘{print $2}’ | sed s/’//g

cat authlog.log | grep “2016-01-01” | echo “valid username found: $2”

echo authlog.log > sed ‘s/User//’ | print “username exists: $User”

cat “authlog.log” | grep “User” | cut -F’ ‘ | echo “username exists: $1”

QUESTION 176
A small organization has proprietary software that is used internally.
The system has not been well maintained and cannot be updated with the rest of the environment.
Which of the following is the BEST solution?

Virtualize the system and decommission the physical machine.

Remove it from the network and require air gapping.

Only allow access to the system via a jumpbox

Implement MFA on the specific system.

QUESTION 177
A security analyst is investigating a reported phishing attempt that was received by many users throughout the company The text of one of the emails is shown below:

Office 365 User.
It looks like you account has been locked out Please click this <a href=Tittp7/accountfix-office356 com/login php”>link</a> and follow the pfompts to restore access Regards.
Security Team
Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but rt does log network flow data Which of the following commands will the analyst most likely execute NEXT?

telnet office365.com 25

tracert 122.167.40.119

curl http:// accountfix-office365.com/login. php

nslookup accountfix-office365.com

QUESTION 178
An analyst performs a routine scan of a host using Nmap and receives the following output:

Which of the following should the analyst investigate FIRST?

Port 21

Port 22

Port 23

Port 80

QUESTION 179
Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations after returning to work and logging in. The building security team informs the IT security team that the cleaning staff was caught using the systems after the accounting department users left for the day. Which of the following steps should the IT security team take to help prevent this from happening again? (Choose two.)

Install a web monitor application to track Internet usage after hours.

Configure a policy for workstation account timeout at three minutes.

Configure NAC to set time-based restrictions on the accounting group to normal business hours.

Configure mandatory access controls to allow only accounting department users to access the workstations.

Set up a camera to monitor the workstations for unauthorized use.

QUESTION 180
An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

SCADA

CAN bus

Modbus

IoT

QUESTION 181
Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the best solution to improve the equipment’s security posture?

Move the legacy systems behind a WAR

Implement an air gap for the legacy systems.

Place the legacy systems in the perimeter network.

Implement a VPN between the legacy systems and the local network.

QUESTION 182
A security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment. Which of the following is the BEST recommendation?

Require users to sign NDAs

Create a data minimization plan.

Add access control requirements.

Implement a data loss prevention solution.

QUESTION 183
After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?

Make a backup of the server and update the JBoss server that is running on it.

Contact the vendor for the legacy application and request an updated version.

Create a proper DMZ for outdated components and segregate the JBoss server.

Apply visualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.

QUESTION 184
A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop.

Which of the following processes will the secuhty analyst Identify as the MOST likely indicator of system compromise given the processes running in Task Manager?

Chrome.exe

Word.exe

Explorer.exe

mstsc.exe

taskmgr.exe

QUESTION 185
A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users.
The remediation recommended by the audit was to switch the port to 636 wherever technically possible.
Which of the following is the BEST response?

Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.

Change all devices and servers that support it to 636, as encrypted services run by default on
636.

Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.

Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

QUESTION 186
During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.
Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

An IPS signature modification for the specific IP addresses

An IDS signature modification for the specific IP addresses

A firewall rule that will block port 80 traffic

A firewall rule that will block traffic from the specific IP addresses

QUESTION 187
A security analyst has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization. The security analyst’s BEST response would be to coordinate with the legal department and:

the public relations department

senior leadership

law enforcement

the human resources department

QUESTION 188
An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application The working hypothesis is as follows:
* Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target.
* The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.
* The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks Which of the following BEST represents the technique in use?

Improving detection capabilities

Bundling critical assets

Profiling threat actors and activities

Reducing the attack surface area

Leave a Reply Cancel reply