Get Real CS0-002 Exam Dumps [Jul-2022] Practice Tests [Q80-Q104]

4/5 - (1 vote)

Get Real CS0-002 Exam Dumps [Jul-2022] Practice Tests

Last CS0-002 practice test reviews: Practice Test CompTIA dumps

NO.80 A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

ICMP is being blocked by a firewall.

The routing tables for ping and hping3 were different.

The original ping command needed root permission to execute.

hping3 is returning a false positive.

NO.81 A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization’s financial assets.
Which of the following is the BEST example of the level of sophistication this threat actor is using?

Social media accounts attributed to the threat actor

Custom malware attributed to the threat actor from prior attacks

Email addresses and phone numbers tied to the threat actor

Network assets used in previous attacks attributed to the threat actor

IP addresses used by the threat actor for command and control

NO.82 A large organization wants to move account registration services to the cloud to benefit from faster processing and elasticity. Which of the following should be done FIRST to determine the potential risk to the organization?

Establish a recovery time objective and a recovery point objective for the systems being moved

Calculate the resource requirements for moving the systems to the cloud

Determine recovery priorities for the assets being moved to the cloud-based systems

Identify the business processes that will be migrated and the criticality of each one

Perform an inventory of the servers that will be moving and assign priority to each one

NO.83 A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.
Which of the following is a security concern when using a PaaS solution?

The use of infrastructure-as-code capabilities leads to an increased attack surface.

Patching the underlying application server becomes the responsibility of the client.

The application is unable to use encryption at the database level.

Insecure application programming interfaces can lead to data compromise.

NO.84 An analyst is reviewing the following code output of a vulnerability scan:

Which of the following types of vulnerabilities does this MOST likely represent?

A insecure direct object reference vulnerability

An HTTP response split vulnerability

A credential bypass vulnerability

A XSS vulnerability

NO.85 A security is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS. Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?

Run an anti-malware scan on the system to detect and eradicate the current threat

Start a network capture on the system to look into the DNS requests to validate command and control traffic

Shut down the system to prevent further degradation of the company network

Reimage the machine to remove the threat completely and get back to a normal running state

Isolate the system on the network to ensure it cannot access other systems while evaluation is underway

NO.86 An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosing the incident to external entities should be based on:

the responder’s discretion

the public relations policy

the communication plan

senior management’s guidance

NO.87 A system administrator is doing network reconnaissance of a company’s external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:

Based on the output, which of the following services should be further tested for vulnerabilities?

SSH

HTTP

SMB

HTTPS

NO.88 Given the following code:

Which of the following types of attacks is occurring in the example above?

MITM

Session hijacking

XSS

Privilege escalation

SQL injection

NO.89 Susan has been asked to identify the applications that start when a Windows system does.
Where should she look first?

INDX files

Volume shadow copies

The Registry

The MFT

NO.90 A security analyst implemented a solution that would analyze the attacks that the organization’s firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:
$ sudo nc -1 -v -e maildaemon.py 25 > caplog.txt
Which of the following solutions did the analyst implement?

Log collector

Crontab mail script

Sinkhole

Honeypot

NO.91 A company’s marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party in1marketingpartners.com Below is the exiting SPP word:

Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?
A)

B)

C)

D)

Option A

Option B

Option C

Option D

NO.92 Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

Unauthorized, unintentional, benign

Unauthorized, intentional, malicious

Authorized, intentional, malicious

Authorized, unintentional, benign

NO.93 The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems.
Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?

Execute the ver command

Execute the nmap -pcommand

Use Wireshark to export a list

Use credentialed configuration

NO.94 A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

ICMP is being blocked by a firewall.

The routing tables for ping and hping3 were different.

The original ping command needed root permission to execute.

hping3 is returning a false positive.

NO.95 A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

Malware is attempting to beacon to 128.50.100.3.

The system is running a DoS attack against ajgidwle.com.

The system is scanning ajgidwle.com for PII.

Data is being exfiltrated over DNS.

NO.96 A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks.
To BEST mitigate this risk, the analyst should use.

an 802.11ac wireless bridge to create an air gap.

a managed switch to segment the lab into a separate VLAN.

a firewall to isolate the lab network from all other networks.

an unmanaged switch to segment the environments from one another.

NO.97 An organization has a practice of running some administrative services on non-standard ports as a way of frustrating any attempts at reconnaissance. The output of the latest scan on host
192.168.1.13 is shown below:

Which of the following statements is true?

Running SSH on the Telnet port will now be sent across an unencrypted port.

Despite the results of the scan, the service running on port 23 is actually Telnet and not SSH, and creates an additional vulnerability

Running SSH on port 23 provides little additional security from running it on the standard port.

Remote SSH connections will automatically default to the standard SSH port.

The use of OpenSSH on its default secure port will supersede any other remote connection attempts.

NO.98 An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented.
Which of the following methods would BEST secure the company’s infrastructure and be the simplest to manage and maintain?

Create three separate cloud accounts for each environment. Configure account peering and security rules to allow access to and from each environment.

Create one cloud account with one VPC for all environments. Purchase a virtual firewall and create granular security rules.

Create one cloud account and three separate VPCs for each environment. Create security rules to allow access to and from each environment.

Create three separate cloud accounts for each environment and a single core account for network services.
Route all traffic through the core account.

NO.99 A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:
Antivirus is installed on the remote host:
Installation path: C:Program FilesAVProductWin32
Product Engine: 14.12.101
Engine Version: 3.5.71
Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported.
The engine version is out of date. The oldest supported version from the vendor is 4.2.11.
The analyst uses the vendor’s website to confirm the oldest supported version is correct.
Which of the following BEST describes the situation?

This is a false positive, and the scanning plugin needs to be updated by the vendor.

This is a true negative, and the new computers have the correct version of the software.

This is a true positive, and the new computers were imaged with an old version of the software.

This is a false negative, and the new computers need to be updated by the desktop team.

NO.100 A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

Malware is attempting to beacon to 128.50.100.3.

The system is running a DoS attack against ajgidwle.com.

The system is scanning ajgidwle.com for PII.

Data is being exfiltrated over DNS.

NO.101 A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor’s labs.
Which of the following is the main concern a security analyst should have with this arrangement?

Making multiple trips between development sites increases the chance of physical damage to the FPGAs.

Moving the FPGAs between development sites will lessen the time that is available for security testing.

Development phases occurring at multiple sites may produce change management issues.

FPGA applications are easily cloned, increasing the possibility of intellectual property theft.

NO.102 A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operations?

It enables the team to prioritize the focus areas and tactics within the company’s environment

It provides criticality analyses for key enterprise servers and services

It allows analysts to receive routine updates on newly discovered software vulnerabilities

It supports rapid response and recovery during and following an incident

NO.103 An organization is attempting to harden its web servers and reduce the information that might be disclosed by potential attackers. A security analyst is reviewing vulnerability scan results from a recent web server scan.
Portions of the scan results are shown below:

Which of the following lines indicates information disclosure about the host that needs to be remediated?

Response: :DocumentsMarySmithmailingList.pdf

Finding#5144322

First Time Detected 10 Nov 2015 09:00 GMT-0600

Access Path: http://myOrg.com/mailingList.htm

Request: GET http://myOrg.com/mailingList.aspx?content=volunteer

NO.104 An organization is focused on restructuring its data governance programs and an analyst has been Tasked with surveying sensitive data within the organization. Which of the following is the MOST accurate method for the security analyst to complete this assignment?

Perform an enterprise-wide discovery scan.

Consult with an internal data custodian.

Review enterprise-wide asset Inventory.

Create a survey and distribute it to data owners.