This page was exported from IT certification exam materials [ http://blog.dumpleader.com ]

Title: [Oct 06, 2024] Latest CompTIA CS0-002 Exam Practice Test To Gain Brilliant Result [Q165-Q188]

Take a Leap Forward in Your Career by Earning CompTIA CS0-002

The CompTIA CySA+ certification exam covers a broad range of topics, including threat management, vulnerability management, incident response, and compliance and assessment. The CS0-002 exam is designed to assess the candidate's ability to identify, analyze, and respond to security threats and vulnerabilities in a variety of network environments.

QUESTION 165
A security analyst is auditing firewall rules with the goal of scanning some known ports to check the firewall's behavior and responses. The analyst executes the following commands:
Which of the following BEST describes the firewall rule?
- REJECT with --tcp-reset
- DROP
- LOG --log-tcp-sequence
- DNAT --to-destination 1.1.1.1:3000

QUESTION 166
A security analyst has created an image of a drive from an incident.
Which of the following describes what the analyst should do NEXT?
- The analyst should create a backup of the drive and then hash the drive.
- The analyst should begin analyzing the image and begin to report findings.
- The analyst should create a hash of the image and compare it to the original drive's hash.
- The analyst should create a chain of custody document and notify stakeholders.
QUESTION 167
A forensic analyst is conducting an investigation on a compromised server. Which of the following should the analyst do first to preserve evidence?
- Restore damaged data from the backup media
- Create a system timeline
- Monitor user access to compromised systems
- Back up all log files and audit trails

Explanation: The first step the analyst should take to preserve evidence is to back up all log files and audit trails. This ensures that the analyst has a copy of the original data that can be used for analysis and verification, and it prevents the attacker or other parties from tampering with or modifying the evidence. The other options are not first steps, or may alter or destroy the evidence.
Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 16; https://www.nist.gov/publications/guide-collection-and-preservation-digital-evidence

QUESTION 168
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:
The analyst runs the following command next:
Which of the following would explain the difference in results?
- ICMP is being blocked by a firewall.
- The routing tables for ping and hping3 were different.
- The original ping command needed root permission to execute.
- hping3 is returning a false positive.

QUESTION 169
A security analyst is reviewing the following web server log:
Which of the following BEST describes the issue?
- Directory traversal exploit
- Cross-site scripting
- SQL injection
- Cross-site request forgery

QUESTION 170
A cybersecurity analyst wants to use ICMP ECHO_REQUEST on a machine while using Nmap.
Which of the following is the correct command to accomplish this?
- $ nmap -E 192.168.1.7
- $ ping -PE 192.168.1.7
- $ nmap --traceroute 192.168.1.7
- $ nmap -O 192.168.1.7

QUESTION 171
A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-in-the-middle attack. The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices.
Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?
- Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network.
- Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.
- Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network.
- Conduct a wireless survey to determine if the wireless strength needs to be reduced.

QUESTION 172
A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?
- Requirements analysis and collection planning
- Containment and eradication
- Recovery and post-incident review
- Indicator enrichment and research pivoting

QUESTION 173
A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.
Which of the following data privacy standards does this violate?
- Purpose limitation
- Sovereignty
- Data minimization
- Retention
Explanation/Reference: http://www.isitethical.eu/portfolio-item/purpose-limitation/

QUESTION 174
An analyst determines a security incident has occurred. Which of the following is the most appropriate NEXT step in an incident response plan?
- Consult the malware analysis process
- Consult the disaster recovery plan
- Consult the data classification process
- Consult the communications plan

QUESTION 175
An application contains the following log entries in a file named "authlog.log":
A security analyst has been asked to parse the log file and print out all valid usernames. Which of the following achieves this task?
- grep -e "successfully" authlog.log | awk '{print $2}' | sed s/'//g
- cat authlog.log | grep "2016-01-01" | echo "valid username found: $2"
- echo authlog.log > sed 's/User//' | print "username exists: $User"
- cat "authlog.log" | grep "User" | cut -F' ' | echo "username exists: $1"

QUESTION 176
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment.
Which of the following is the BEST solution?
- Virtualize the system and decommission the physical machine.
- Remove it from the network and require air gapping.
- Only allow access to the system via a jumpbox.
- Implement MFA on the specific system.

QUESTION 177
A security analyst is investigating a reported phishing attempt that was received by many users throughout the company. The text of one of the emails is shown below:

Office 365 User,
It looks like your account has been locked out. Please click this link (http://accountfix-office356.com/login.php) and follow the prompts to restore access.
Regards,
Security Team

Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but it does log network flow data. Which of the following commands will the analyst most likely execute NEXT?
- telnet office365.com 25
- tracert 122.167.40.119
- curl http://accountfix-office365.com/login.php
- nslookup accountfix-office365.com

Explanation: nslookup is a command-line tool that can query the Domain Name System (DNS) and display information about domain names and IP addresses.
The security analyst can use nslookup to find out the IP address of the malicious domain accountfix-office365.com that was used in the phishing attempt. This could help the analyst to block or trace the source of the attack, for example by searching the network flow data the company does keep for connections to that IP address. telnet, tracert, and curl are other command-line tools, but they are not as useful as nslookup for investigating a phishing attempt based on a domain name.
Reference: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup

QUESTION 178
An analyst performs a routine scan of a host using Nmap and receives the following output:
Which of the following should the analyst investigate FIRST?
- Port 21
- Port 22
- Port 23
- Port 80

QUESTION 179
Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations after returning to work and logging in. The building security team informs the IT security team that the cleaning staff was caught using the systems after the accounting department users left for the day. Which of the following steps should the IT security team take to help prevent this from happening again? (Choose two.)
- Install a web monitor application to track Internet usage after hours.
- Configure a policy for workstation account timeout at three minutes.
- Configure NAC to set time-based restrictions on the accounting group to normal business hours.
- Configure mandatory access controls to allow only accounting department users to access the workstations.
- Set up a camera to monitor the workstations for unauthorized use.

QUESTION 180
An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?
- SCADA
- CAN bus
- Modbus
- IoT

Explanation: The Controller Area Network (CAN bus) is a message-based protocol designed to allow the Electronic Control Units (ECUs) found in today's automobiles, as well as other devices, to communicate with each other in a reliable, priority-driven fashion. Messages or "frames" are received by all devices in the network, which does not require a host computer.

QUESTION 181
Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the best solution to improve the equipment's security posture?
- Move the legacy systems behind a WAF.
- Implement an air gap for the legacy systems.
- Place the legacy systems in the perimeter network.
- Implement a VPN between the legacy systems and the local network.

Explanation: Implementing an air gap for the legacy systems is the best solution to improve their security posture. An air gap is a physical separation of a system or network from any other system or network that may pose a threat. It prevents any unauthorized access or data transfer between the isolated system or network and the external environment, and so helps protect the legacy systems from attackers who would otherwise take advantage of their unpatched vulnerabilities.

QUESTION 182
A security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment. Which of the following is the BEST recommendation?
- Require users to sign NDAs.
- Create a data minimization plan.
- Add access control requirements.
- Implement a data loss prevention solution.

Explanation: A data minimization plan is a strategy that aims to reduce the amount and type of data that an organization collects, stores, and processes. It can help improve data privacy and protection by limiting the exposure and impact of a data breach or loss.
Creating a data minimization plan is the best recommendation for a security officer who needs to find the most cost-effective solution to the current data privacy and protection gap. Requiring users to sign NDAs, adding access control requirements, or implementing a data loss prevention solution are other possible solutions, but they are not as cost-effective as creating a data minimization plan.
Reference: https://www.csoonline.com/article/3603898/data-minimization-what-is-it-and-how-to-implement-it.html

QUESTION 183
After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?
- Make a backup of the server and update the JBoss server that is running on it.
- Contact the vendor for the legacy application and request an updated version.
- Create a proper DMZ for outdated components and segregate the JBoss server.
- Apply virtualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.

QUESTION 184
A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop.
Which of the following processes will the security analyst identify as the MOST likely indicator of system compromise given the processes running in Task Manager?
- Chrome.exe
- Word.exe
- Explorer.exe
- mstsc.exe
- taskmgr.exe

QUESTION 185
A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible.
Which of the following is the BEST response?
- Correct the audit. This finding is a well-known false positive; the services that typically run on 389 and 636 are identical.
- Change all devices and servers that support it to 636, as encrypted services run by default on 636.
- Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.
- Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.

QUESTION 186
During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.
Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?
- An IPS signature modification for the specific IP addresses
- An IDS signature modification for the specific IP addresses
- A firewall rule that will block port 80 traffic
- A firewall rule that will block traffic from the specific IP addresses

QUESTION 187
A security analyst has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization.
The security analyst's BEST response would be to coordinate with the legal department and:
- the public relations department
- senior leadership
- law enforcement
- the human resources department

QUESTION 188
An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows:
* Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.
* The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.
* The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.
As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?
- Improving detection capabilities
- Bundling critical assets
- Profiling threat actors and activities
- Reducing the attack surface area

Post date: 2024-10-06 16:57:32