Get all the Information About CompTIA CS0-002 Exam 2024 Practice Test Questions [Q144-Q164]

NEW QUESTION # 144
A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking a link in a phishing email.
To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the:

  • A. proxy to block all connections to <malwaresource>.
  • B. email server that automatically deletes attached executables.
  • C. IDS to match the malware sample.
  • D. firewall to block connection attempts to dynamic DNS hosts.

Answer: A


NEW QUESTION # 145
A company provides wireless connectivity to the internal network from all physical locations for company-owned devices. Users were able to connect the day before, but now all users have reported that when they connect to an access point in the conference room, they cannot access company resources. Which of the following BEST describes the cause of the problem?

  • A. The network is not available. Escalate the issue to network support.
  • B. The access point is blocking access by MAC address. Disable MAC address filtering.
  • C. Expired DNS entries on users' devices. Request the affected users perform a DNS flush.
  • D. The access point is a rogue device. Follow incident response procedures.

Answer: D


NEW QUESTION # 146
A custom script currently monitors real-time logs of a SAML authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

  • A. SAML logging is not supported for cloud-based authentication.
  • B. Access to logs may be delayed for some time.
  • C. Log data may be visible to other customers.
  • D. Logs may contain incorrect information.

Answer: B

Explanation:
Threats & Vulnerabilities Associated with the Cloud, Subsection "Logging and Monitoring"
"Because the responsibility of protecting portions of the stack falls to the service provider, it does sometimes mean the organization loses monitoring capabilities, for better or worse." CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002) (p. 158).


NEW QUESTION # 147
During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a webform connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?

  • A. Input validation
  • B. Peer review code
  • C. Application fuzzing
  • D. Static code analysis

Answer: A


NEW QUESTION # 148
During the security assessment of a new application, a tester attempts to log in to the application but receives the following message: "incorrect password for given username". Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

  • A. Set the web page to redirect to an application support page when a bad password is entered.
  • B. Recognize that error messaging does not provide confirmation of the correct element of authentication.
  • C. Avoid using password-based authentication for the application.
  • D. Disable error messaging for authentication.

Answer: D

Explanation:
Disabling error messaging for authentication would be the best recommendation to decrease the likelihood that a malicious attacker will receive helpful information. Error messaging for authentication is a feature that displays an error message when a user enters an incorrect username or password. However, this feature can also provide useful information to an attacker who is trying to guess or brute-force valid credentials. For example, if the error message says "incorrect password for given username", then the attacker knows that the username is valid and only needs to focus on cracking the password. Disabling error messaging for authentication can help reduce this information leakage and make it harder for an attacker to succeed.


NEW QUESTION # 149
When reviewing a compromised authentication server, a security analyst discovers the following hidden file:

Further analysis shows these users never logged in to the server. Which of the following types of attacks was used to obtain the file and what should the analyst recommend to prevent this type of attack from reoccurring?

  • A. A rainbow tables attack was used to compromise the accounts. The analyst should recommend that future password hashes contain a salt.
  • B. A password spraying attack was used to compromise the passwords. The analyst should recommend that all users receive a unique password.
  • C. A phishing attack was used to compromise the account. The analyst should recommend users install endpoint protection to disable phishing links.
  • D. A rogue LDAP server is installed on the system and is collecting passwords. The analyst should recommend wiping and reinstalling the server.

Answer: B


NEW QUESTION # 150
A security analyst is conducting traffic analysis following a potential web server breach.
The analyst wants to investigate client-side server errors.

Which of the following lines of this query output should be investigated further?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D


NEW QUESTION # 151
A security analyst is reviewing a new Internet portal that will be used for corporate employees to obtain their pay statements. Corporate policy classifies pay statement information as confidential, and it must be protected by MFA.
Which of the following would best fulfill the MFA requirement while keeping the portal accessible from the internet?

  • A. Obtaining home public IP addresses of corporate employees to implement source IP restrictions and requiring a username and password
  • B. Moving the internet portal server to a DMZ that is only accessible from the corporate VPN and requiring a username and password
  • C. Distributing a shared password that must be provided before the internet portal loads and requiring a username and password
  • D. Requiring the internet portal to be accessible from only the corporate SSO internet endpoint and requiring a smart card and PIN

Answer: D

Explanation:
Requiring the internet portal to be accessible from only the corporate SSO internet endpoint and requiring a smart card and PIN. This option provides the best MFA requirement because it uses two factors of authentication: something you have (smart card) and something you know (PIN). It also restricts access to the portal from a trusted source (corporate SSO internet endpoint).


NEW QUESTION # 152
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket. First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from the second drop-down menu. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:


NEW QUESTION # 153
A remote code execution vulnerability was discovered in RDP. An organization currently uses RDP for remote access to a portion of its VDI environment. The analyst verified network-level authentication is enabled. Which of the following is the BEST remediation for this vulnerability?

  • A. Verify the latest endpoint-protection signature is in place.
  • B. Verify the threat intelligence feed is updated with the latest solutions.
  • C. Verify the corresponding patch for the vulnerability is installed.
  • D. Verify the system logs do not contain indicators of compromise.

Answer: A


NEW QUESTION # 154
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:

Which of the following lines indicates the computer may be compromised?

  • A. Line 4
  • B. Line 3
  • C. Line 2
  • D. Line 6
  • E. Line 5
  • F. Line 1

Answer: A


NEW QUESTION # 155
During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the BEST way to locate this issue?

  • A. Reduce the session timeout threshold.
  • B. Run a static code scan.
  • C. Deploy MFA for access to the web server.
  • D. Implement input validation.

Answer: B


NEW QUESTION # 156
A security analyst reviews SIEM logs and discovers the following error event:

Which of the following environments does the analyst need to examine to continue troubleshooting the event?

  • A. Proxy server
  • B. WAF appliance
  • C. SQL server
  • D. Windows domain controller
  • E. DNS server

Answer: D

Explanation:
A Windows domain controller is a server that manages authentication and authorization for users and computers in a Windows domain. A Windows domain controller uses Active Directory Domain Services (AD DS) to store information about users, groups, computers, policies, and other objects in a domain. A Windows domain controller can generate event logs that record various activities and events related to security, system, application, etc. The event log shown in the question indicates that it was generated by a Windows domain controller with an IP address of 10.0.0.1 and a hostname of DC01.


NEW QUESTION # 157
A threat intelligence analyst who works for an oil and gas company has received the following email from a superior:
"We will be connecting our IT network with our ICS. Our IT security has historically been top of the line, and this convergence will make the ICS easier to manage and troubleshoot. Can you please perform a risk/vulnerability assessment on this decision?" Which of the following is MOST accurate regarding ICS in this scenario?

  • A. Combined networks decrease efficiency.
  • B. IT networks cannot be connected to ICS infrastructure.
  • C. Integrating increases the attack surface.
  • D. Convergence decreases attack vectors.

Answer: C


NEW QUESTION # 158
The Dirty COW attack is an example of what type of vulnerability?

  • A. LDAP injection
  • B. Buffer overflow
  • C. Privilege escalation
  • D. Malicious code

Answer: C


NEW QUESTION # 159
Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?

  • A. SDLC
  • B. Agile
  • C. Dynamic code analysis
  • D. Waterfall

Answer: B

Explanation:
Reference:
https://www.cleverism.com/software-development-life-cycle-sdlc-methodologies/


NEW QUESTION # 160
In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:

Based on the output of the scan, which of the following is the BEST answer?

  • A. Failed credentialed scan
  • B. Failed asset inventory
  • C. Successful sensitivity level check
  • D. Failed compliance check

Answer: A


NEW QUESTION # 161
A cybersecurity analyst is reviewing the following outputs:

Which of the following can the analyst infer from the above output?

  • A. The remote host is redirecting port 80 to port 8080.
  • B. The remote host is running a web server on port 80.
  • C. The remote host is running a service on port 8080.
  • D. The remote host's firewall is dropping packets for port 80.

Answer: C


NEW QUESTION # 162
A company has contracted with a software development vendor to design a web portal for customers to access a medical records database. Which of the following should the security analyst recommend to BEST control the unauthorized disclosure of sensitive data when sharing the development database with the vendor?

  • A. Enable data masking of sensitive data tables in the database.
  • B. Establish an NDA with the vendor.
  • C. Use a de-identified data process for the development database.
  • D. Set all database tables to read only.

Answer: A


NEW QUESTION # 163
A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of server by dragging the server to the results.
The Linux Web Server, File-Print Server, and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Answer:

Explanation:


NEW QUESTION # 164
......
