Get New 2021 CompTIA CS0-002 Exam Dumps Bundle On flat Updated Dumps! [Q70-Q93]

Share

Get New 2021 CompTIA exam CS0-002 Dumps Bundle On flat Updated Dumps!

Full CS0-002 Practice Test and 299 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 70
A security operations team was alerted to abnormal DNS activity coming from a user's machine.
The team performed a forensic investigation and discovered a host had been compromised.
Malicious code was using DNS as a tunnel to extract data from the client machine, which had been leaked and transferred to an unsecure public Internet site. Which of the following BEST describes the attack?

  • A. Cache poisoning
  • B. Data exfiltration
  • C. Phishing
  • D. Pharming

Answer: B

 

NEW QUESTION 71
A company's asset management software has been discovering a weekly increase in non- standard software installed on end users' machines with duplicate license keys. The security analyst wants to know if any of this software is listening on any non-standard ports, such as 6667.
Which of the following tools should the analyst recommend to block any command and control traffic?

  • A. Netstat
  • B. NIDS
  • C. IPS
  • D. HIDS

Answer: A

 

NEW QUESTION 72
A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.
Which of the following data types are MOST likely at risk of exposure based on this new threat?
(Choose two.)

  • A. Personal health information
  • B. Intellectual property
  • C. Corporate financial data
  • D. Employee records
  • E. Cardholder data

Answer: A,E

 

NEW QUESTION 73
A security analyst is monitoring authentication exchanges over the company's wireless network.
A sample of the Wireshark output is shown below:

Which of the following would improve the security posture of the wireless network?

  • A. Using SSL 2.0 instead of TLSv1.1
  • B. Using UDP instead of TCP
  • C. using aspx instead of .jsp
  • D. Using PEAP instead of LEAP

Answer: D

 

NEW QUESTION 74
A technician receives the following security alert from the firewall's automated system:

After reviewing the alert, which of the following is the BEST analysis?

  • A. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.
  • B. This alert indicates a user was attempting to bypass security measures using dynamic DNS.
  • C. This alert is a false positive because DNS is a normal network function.
  • D. This alert was generated by the SIEM because the user attempted too many invalid login attempts.

Answer: A

 

NEW QUESTION 75
Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?

  • A. Code of conduct policy
  • B. Acceptable use policy
  • C. Password policy
  • D. Account management policy

Answer: B

 

NEW QUESTION 76
A cybersecurity analyst is responding to an incident. The company's leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

  • A. Intelligence cycle
  • B. Kill chain
  • C. Diamond Model of Intrusion Analysis
  • D. MITRE ATT&CK

Answer: B

 

NEW QUESTION 77
A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.
Which of the following should be used to identify the traffic?

  • A. Packet analysis
  • B. Memory dump
  • C. Carving
  • D. Hashing
  • E. Disk imaging

Answer: A

 

NEW QUESTION 78
Which of the following commands would a security analyst use to make a copy of an image for forensics use?

  • A. wget
  • B. rm
  • C. touch
  • D. dd

Answer: D

 

NEW QUESTION 79
A security analyst needs to identify possible threats to a complex system a client is developing. Which of the following methodologies would BEST address this task?

  • A. Spoofing, Tampering. Repudiation, Information disclosure. Denial of service, Elevation of privileges (STRIDE)
  • B. Open Web Application Security Project (OWASP)
  • C. Software Assurance Maturity Model (SAMM)
  • D. Open Source Security Information Management (OSSIM)

Answer: B

 

NEW QUESTION 80
A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

  • A. Someone has configured an unauthorized SMTP application over SSL
  • B. The server is receiving a secure connection using the new TLS 1.3 standard
  • C. A connection from the database to the web front end is communicating on the port
  • D. The traffic is common static data that Windows servers send to Microsoft

Answer: A

 

NEW QUESTION 81
A cybersecurity analyst is investigating a potential incident affecting multiple systems on a company's internal network. Although there is a negligible impact to performance, the following symptom present on each of the affected systems:
* Existence of a new and unexpected svchost exe process
* Persistent, outbound TCP/IP connections to an unknown external host with routine keep-alives transferred
* DNS query logs showing successful name resolution for an Internet-resident dynamic DNS domain If this situation remains unresolved, which of the following will MOST likely occur?

  • A. The adversary may attempt to perform a man-in-the-middle attack.
  • B. An adversary may leverage the affected hosts to reconfigure the company's router ACLs.
  • C. Key files on the affected hosts may become encrypted and require ransom payment for unlock.
  • D. The affected hosts may participate in a coordinated DDoS attack upon command

Answer: C

 

NEW QUESTION 82
The Chief Information Security Officer (CISO) asks a security analyst to write a new SIEM search rule to determine if any credit card numbers are being written to log files. The CISO and security analyst suspect the following log snippet contains real customer card data:

Which of the following expressions would find potential credit card numbers in a format that matches the log snippet?

  • A. (0-9) x 16
  • B. "04*"
  • C. ^[0-9](16)$
  • D. "1234-5678"

Answer: C

 

NEW QUESTION 83
An organization has two environments: development and production. Development is where applications are developed with unit testing. The development environment has many configuration differences from the production environment. All applications are hosted on virtual machines. Vulnerability scans are performed against all systems before and after any application or configuration changes to any environment. Lately, vulnerability remediation activity has caused production applications to crash and behave unpredictably. Which of the following changes should be made to the current vulnerability management process?

  • A. Refine testing in the development environment to include fuzzing and user acceptance testing so applications are more stable before they migrate to production
  • B. Create a third environment between development and production that mirrors production and tests all changes before deployment to the users
  • C. Refine testing in the production environment to include more exhaustive application stability testing while continuing to maintain the robust vulnerability remediation activities
  • D. Create a second production environment by cloning the virtual machines, and if any stability problems occur, migrate users to the alternate production environment

Answer: B

 

NEW QUESTION 84
Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

  • A. It enables standard checklist and vulnerability analysis expressions for automation
  • B. It provides validation of suspected system vulnerabilities through workflow orchestration
  • C. It automatically performs remedial configuration changes to enterprise security services
  • D. It establishes a continuous integration environment for software development operations

Answer: A

 

NEW QUESTION 85
An organization has had problems with security teams remediating vulnerabilities that are either false positives or are not applicable to the organization's servers. Management has put emphasis on security teams conducting detailed analysis and investigation before conducting any remediation.
The output from a recent Apache web server scan is shown below:

The team performs some investigation and finds this statement from Apache on 07/02/2008:
"Fixed in Apache HTTP server 2.2.6, 2.0.61, and 1.3.39"
Which of the following conditions would require the team to perform remediation on this finding?

  • A. The organization is running version 1.3.39 and is using a public-server-status page
  • B. The organization is running version 2.0.59 is not using a public-server-status page
  • C. The organization is running version 2.0.5 and has ExtendedStatus enabled
  • D. The organization is running version 2.2.6 and has ExtendedStatus enabled

Answer: C

 

NEW QUESTION 86
A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame.
Which of the following is the MOST likely cause of this issue?

  • A. A password-spraying attack was performed against the organization.
  • B. A credentialed external vulnerability scan was performed.
  • C. This was normal shift work activity; the SIEM's AI is learning.
  • D. A DDoS attack was performed against the organization.

Answer: A

Explanation:
Explanation
Explanation/Reference: https://doubleoctopus.com/security-wiki/threats-and-tools/password-spraying/

 

NEW QUESTION 87
Ransomware is identified on a company's network that affects both Windows and MAC hosts.
The command and control channel for encryption for this variant uses TCP ports from 11000 to
65000. The channel goes to good1. Iholdbadkeys.com, which resolves to IP address 72.172.16.2.
Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

  • A. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.
  • B. Block all outbound traffic to web host good1 iholdbadkeys.com at the border gateway.
  • C. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.
  • D. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.

Answer: B

 

NEW QUESTION 88
Which of the following types of policies is used to regulate data storage on the network?

  • A. Account management
  • B. Retention
  • C. Acceptable use
  • D. Password

Answer: B

 

NEW QUESTION 89
A security administrator needs to create an IDS rule to alert on FTP login attempts by root. Which of the following rules is the BEST solution?

  • A. Option D
  • B. Option A
  • C. Option C
  • D. Option B

Answer: D

 

NEW QUESTION 90
Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.
Which of the following would BEST provide this solution?

  • A. Sandboxing
  • B. Decomposition of malware
  • C. Risk evaluation
  • D. File fingerprinting

Answer: A

 

NEW QUESTION 91
Given a packet capture of the following scan:

Which of the following should MOST likely be inferred on the scan's output?

  • A. 192.168.1.55 is a Linux server.
  • B. 192.168.1.115 is hosting a web server.
  • C. 192.168.1.55 is a file server.
  • D. 192.168.1.55 is hosting a web server.

Answer: C

 

NEW QUESTION 92
In order to leverage the power of data correlation within Nessus, a cybersecurity analyst needs to write an SQL statement that will provide how long a vulnerability has been present on the network.
Given the following output table:

Which of the following SQL statements would provide the resulted output needed for this correlation?

  • A. SELECT Port, ScanDate, IP, PlugIn FROM MyResults WHERE PluginID=`1000'
  • B. SELECT ScanDate, IP, Port, PlugIn SET MyResults WHERE PluginID=`1000'
  • C. SELECT ScanDate, IP, Port, PlugIn FROM MyResults WHERE PluginID=`1000'
  • D. SELECT IP, PORT, PlugIn, ScanDate FROM MyResults SET PluginID=`1000'

Answer: C

 

NEW QUESTION 93
......

[Nov-2021] Pass CompTIA CS0-002 Exam in First Attempt Guaranteed: https://drive.google.com/open?id=1x6r7V0Vskf04IfxuRoXUNEmjPbMuWVmJ

Reduce Your Chance of Failure in CS0-002 Exam: https://www.itexamsimulator.com/CS0-002-brain-dumps.html