CS0-002 Questions - Truly Beneficial For Your CompTIA Exam (Updated 371 Questions) [Q67-Q88]

Share

CS0-002 Questions - Truly Beneficial For Your CompTIA Exam (Updated 371 Questions)

View All CS0-002 Actual Exam Questions, Answers and Explanations for Free

NEW QUESTION # 67
An analyst is reviewing the following output:

Which of the following was MOST likely used to discover this?

  • A. A passive vulnerability scan
  • B. A web application vulnerability scan
  • C. Reverse engineering using a debugger
  • D. A static analysis vulnerability scan

Answer: A


NEW QUESTION # 68
Which of the following technologies can be used to store digital certificates and is typically used in high-security implementations where integrity is paramount?

  • A. Self-encrypting drive
  • B. UEFI
  • C. eFuse
  • D. HSM

Answer: D


NEW QUESTION # 69
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

  • A. Tool A used fuzzing logic to test vulnerabilities.
  • B. Tool B is unauthenticated.
  • C. Tool B utilized machine learning technology.
  • D. Tool A is agent based.
  • E. Tool B is agent based.
  • F. Tool A is unauthenticated.

Answer: E,F


NEW QUESTION # 70
An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

  • A. Modbus
  • B. CAN bus
  • C. IoT
  • D. SCADA

Answer: B

Explanation:
The Controller Area Network - CAN bus is a message-based protocol designed to allow the Electronic Control Units (ECUs) found in today's automobiles, as well as other devices, to communicate with each other in a reliable, priority-driven fashion. Messages or "frames" are received by all devices in the network, which does not require a host computer.
CAN bus stands for Controller Area Network bus, which is a communication protocol that allows different devices and components in a vehicle to communicate and exchange data. The vulnerability within the new fleet of vehicles is most likely targeting the CAN bus, because it could allow an attacker to manipulate or disrupt the operation of the vehicle. SCADA, Modbus, and IoT are other terms related to communication protocols or systems, but they are not specific to vehicles. Reference: https://www.csoonline.com/article/3218104/what-is-a-can-bus-and-how-can-it-be-hacked.html


NEW QUESTION # 71
A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks.
To BEST mitigate this risk, the analyst should use.

  • A. a managed switch to segment the lab into a separate VLAN.
  • B. an 802.11ac wireless bridge to create an air gap.
  • C. an unmanaged switch to segment the environments from one another.
  • D. a firewall to isolate the lab network from all other networks.

Answer: A


NEW QUESTION # 72
A cybersecunty analyst needs to harden a server that is currently being used as a web server The server needs to be accessible when entenng www company com into the browser Additionally web pages require frequent updates which are performed by a remote contractor Given the following output:

Which of the following should the cybersecunty analyst recommend to harden the server? (Select TWO).

  • A. Disable the Telnet service
  • B. Block port 80 with the host-based firewall
  • C. Perform a vulnerability scan
  • D. Change the server's IP to a private IP address
  • E. Change the SSH port to a non-standard port
  • F. Uninstall the DNS service

Answer: A,C


NEW QUESTION # 73
A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes?

  • A. Tabletop exercise
  • B. Control assessment
  • C. Internal management review
  • D. Peer review

Answer: A

Explanation:
According to the CompTIA CySA+ Certification Exam (CS0-002) study guide, a tabletop exercise can be executed by internal managers to simulate and validate changes to the risk management plan, incident response plan, and system security plan. In a tabletop exercise, participants discuss and work through a simulated scenario, usually in a classroom or conference room setting, to evaluate their readiness and understanding of the proposed changes. This type of exercise can help to identify any potential issues or gaps in the proposed changes and can provide valuable insights for refining and improving the plans.


NEW QUESTION # 74
An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).

  • A. Resetting the phone to factory settings
  • B. Rebooting the phone and installing the latest security updates
  • C. Documenting the respective chain of custody
  • D. Unlocking the device by browsing the eFuse
  • E. Uninstalling any potentially unwanted programs
  • F. Performing a memory dump of the mobile device for analysis

Answer: C,F

Explanation:
Documenting the chain of custody is an important step in the forensic analysis of any device, as it helps to ensure that all evidence is collected and preserved correctly. A memory dump is also essential, as it can provide information about the state of the device when the attack occurred and can be used for further analysis.
Documenting the respective chain of custody can help to preserve the integrity and admissibility of the evidence collected from the mobile device during the forensic analysis. Chain of custody is a record of who handled, accessed or modified the evidence, when, where, how and why . Performing a memory dump of the mobile device for analysis can help to extract volatile data from the mobile device that may contain valuable information about the ransomware attack, such as processes, network connections or encryption keys. Memory dump is a process of copying the contents of the memory (RAM) to a file or storage device .


NEW QUESTION # 75
An analyst is coordinating with the management team and collecting several terabytes of data to analyze using advanced mathematical techniques in order to find patterns and correlations in events and activities. Which of the following describes what the analyst is doing?

  • A. SCAP
  • B. Machine learning
  • C. Data visualization
  • D. SOAR

Answer: B

Explanation:
A) Data visualization is not correct. Data visualization is the process of presenting data in a graphical or pictorial format, such as charts, graphs, maps, or dashboards. Data visualization can help to communicate information, insights, or trends more effectively and intuitively than using text or numbers alone2.
B) SOAR is not correct. SOAR stands for Security Orchestration, Automation, and Response, and it is a solution that combines various tools and processes to improve the efficiency and effectiveness of security operations. SOAR can help to automate tasks, integrate systems, coordinate actions, and respond to incidents faster and more consistently3.
D) SCAP is not correct. SCAP stands for Security Content Automation Protocol, and it is a set of standards and specifications that enable the automated assessment, measurement, and reporting of the security posture of systems and networks. SCAP can help to ensure compliance, identify vulnerabilities, and remediate issues.
1: What Is Machine Learning? 2: What Is Data Visualization? 3: What Is Security Orchestration, Automation, and Response (SOAR)? : [What Is Security Content Automation Protocol (SCAP)?] Explanation:
The correct answer is C. Machine learning. Machine learning is a branch of artificial intelligence that uses advanced mathematical techniques, such as statistics, algorithms, and linear algebra, to analyze large amounts of data and find patterns and correlations in events and activities. Machine learning can help to automate tasks, improve decision making, and enhance security by detecting anomalies, threats, or trends1.


NEW QUESTION # 76
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.
Suspecting the system may be compromised, the analyst runs the following commands:

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

  • A. Examine the server logs for further indicators of compromise of a web application.
  • B. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
  • C. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.
  • D. Run kill -9 1325 to bring the load average down so the server is usable again.

Answer: A


NEW QUESTION # 77
The majority of a company's employees have stated they are unable to perform their job duties due to outdated workstations, so the company has decided to institute BYOD. Which of the following would a security analyst MOST likely recommend for securing the proposed solution?

  • A. A standardized anti-malware platform and a unified operating system vendor
  • B. A Linux-based system and mandatory training on Linux for all BYOD users
  • C. 802.1X lo enforce company policy on BYOD user hardware
  • D. A firewalled environment for client devices and a secure VDl for BYOO users

Answer: D

Explanation:
VDI means virtual desktop interface. Using VDI, you can maintain a standard image and remove the threat of an infected machine plugging into your network.
A firewalled environment for client devices and a secure VDI (Virtual Desktop Infrastructure) for BYOD users would be the most likely recommendation for securing the proposed solution. A firewalled environment can help isolate and protect the client devices from unauthorized network access or attacks. A secure VDI can provide a virtualized desktop environment for BYOD users that can be centrally managed and controlled by the organization. A VDI can also prevent data leakage or malware infection from BYOD devices, as the data and applications are stored on the server side rather than on the device itself5.


NEW QUESTION # 78
The security team for a large, international organization is developing a vulnerability management program. The development staff has expressed concern that the new program will cause service interruptions and downtime as vulnerabilities are remedied.
Which of the following should the security team implement FIRST as a core component of the remediation process to address this concern?

  • A. Change control procedures
  • B. Isolation of vulnerable servers
  • C. Automated patch management
  • D. Security regression testing

Answer: D


NEW QUESTION # 79
A cybersecurity analyst is currently auditing a new Active Directory server for compliance. The analyst uses Nessus to do the initial scan, and Nessus reports the following:

Which of the following critical vulnerabilities has the analyst discovered?

  • A. Zero-day
  • B. Path disclosure
  • C. User enumeration
  • D. Known backdoor

Answer: D


NEW QUESTION # 80
While reviewing log files, a security analyst uncovers a brute-force attack that is being performed against an external webmail portal. Which of the following would be BEST to prevent this type of attack from beinq successful?

  • A. Configure a WAF with brute force protection rules in block mode
  • B. Create a new rule in the IDS that triggers an alert on repeated login attempts
  • C. Implement MFA on the email portal using out-of-band code delivery.
  • D. Alter the lockout policy to ensure users are permanently locked out after five attempts.
  • E. Leverage password filters to prevent weak passwords on employee accounts from being exploited.

Answer: C


NEW QUESTION # 81
A network attack that is exploiting a vulnerability in the SNMP is detected.
Which of the following should the cybersecurity analyst do FIRST?

  • A. Disable all privileged user accounts on the network.
  • B. Apply the required patches to remediate the vulnerability.
  • C. Escalate the incident to senior management for guidance.
  • D. Temporarily block the attacking IP address.
    Section: (none)
    Explanation

Answer: B

Explanation:
Reference:
https://beyondsecurity.com/scan-pentest-network-vulnerabilities-snmp-protocol-version- detection.html


NEW QUESTION # 82
While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:

  • A. risk appetite.
  • B. rules of engagement.
  • C. service-level agreement.
  • D. organizational control.

Answer: B


NEW QUESTION # 83
The Cruel Executive Officer (CEO) of a large insurance company has reported phishing emails that contain malicious links are targeting the entire organza lion Which of the following actions would work BEST to prevent against this type of attack?

  • A. Turn on full behavioral analysis to avert an infection
  • B. Reconfigure the EDR solution to perform real-time scanning of all files
  • C. Ensure EDR signatures are updated every day to avert infection.
  • D. Modify the EDR solution to use heuristic analysis techniques for malware.
  • E. Implement an EOR mail module that will rewrite and analyze email links.

Answer: C


NEW QUESTION # 84
A company's application development has been outsourced to a third-party development team. Based on the SLA.
The development team must follow industry best practices for secure coding.
Which of the following is the BEST way to verify this agreement?

  • A. Security regression testing
  • B. Application fuzzing
  • C. User acceptance testing
  • D. Input validation
  • E. Stress testing

Answer: C


NEW QUESTION # 85
A security analyst is attempting to utilize the blowing threat intelligence for developing detection capabilities:

In which of the following phases is this APT MOST likely to leave discoverable artifacts?

  • A. Reconnaissance
  • B. Lateral movement
  • C. Defensive evasion
  • D. Data collection/exfiltration

Answer: D


NEW QUESTION # 86
Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?

  • A. Account management policy
  • B. Password policy
  • C. Acceptable use policy
  • D. Code of conduct policy

Answer: C


NEW QUESTION # 87
An organization has a policy prohibiting remote administration of servers where web services are running.
One of the Nmap scans is shown here:

Given the organization's policy, which of the following services should be disabled on this server?

  • A. mysql
  • B. telnet
  • C. netbios-ssn
  • D. rpcbind
  • E. ssh

Answer: E


NEW QUESTION # 88
......

CS0-002 dumps Free Test Engine Verified By It Certified Experts: https://examboost.validdumps.top/CS0-002-exam-torrent.html