CS0-002 Premium Bundle

CompTIA Cybersecurity Analyst (CySA+) Certification Exam

Last update: May 2, 2024

CompTIA CS0-002 Free Practice Questions

Our pass rate is as high as 98.9%, and the similarity between our CS0-002 study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to pass the CompTIA CS0-002 exam in just one try? I am currently studying for the CompTIA CS0-002 exam. Try the latest CompTIA CS0-002 practice questions and answers, and try the CompTIA CS0-002 Brain Dumps first.

Free demo questions for CompTIA CS0-002 Exam Dumps Below:

NEW QUESTION 1
A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:
$ sudo nc -l -v -c maildemon.py 25 caplog.txt
Which of the following solutions did the analyst implement?

  • A. Log collector
  • B. Crontab mail script
  • C. Sinkhole
  • D. Honeypot

Answer: A

NEW QUESTION 2
A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS. Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?

  • A. Run an anti-malware scan on the system to detect and eradicate the current threat
  • B. Start a network capture on the system to look into the DNS requests to validate command and control traffic.
  • C. Shut down the system to prevent further degradation of the company network
  • D. Reimage the machine to remove the threat completely and get back to a normal running state.
  • E. Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.

Answer: A

NEW QUESTION 3
A company's incident response team is handling a threat that was identified on the network. Security analysts have as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan?

  • A. Quarantine the web server
  • B. Deploy virtual firewalls
  • C. Capture a forensic image of the memory and disk
  • D. Enable web server containerization

Answer: B

NEW QUESTION 4
A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

  • A. Requirements analysis and collection planning
  • B. Containment and eradication
  • C. Recovery and post-incident review
  • D. Indicator enrichment and research pivoting

Answer: D

NEW QUESTION 5
A developer wrote a script to make names and other PII data unidentifiable before loading a database export into the testing system. Which of the following describes the type of control that is being used?

  • A. Data encoding
  • B. Data masking
  • C. Data loss prevention
  • D. Data classification

Answer: C

NEW QUESTION 6
Which of the following is the BEST way to share incident-related artifacts to provide non-repudiation?

  • A. Secure email
  • B. Encrypted USB drives
  • C. Cloud containers
  • D. Network folders

Answer: B

NEW QUESTION 7
An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a proactive stance for security investigations. Which of the following would BEST meet that goal?

  • A. Root-cause analysis
  • B. Active response
  • C. Advanced antivirus
  • D. Information-sharing community
  • E. Threat hunting

Answer: E

NEW QUESTION 8
It is important to parameterize queries to prevent:

  • A. the execution of unauthorized actions against a database.
  • B. a memory overflow that executes code with elevated privileges.
  • C. the establishment of a web shell that would allow unauthorized access.
  • D. the queries from using an outdated library with security vulnerabilities.

Answer: A

NEW QUESTION 9
A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats.
Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?

  • A. Development of a hypothesis as part of threat hunting
  • B. Log correlation, monitoring, and automated reporting through a SIEM platform
  • C. Continuous compliance monitoring using SCAP dashboards
  • D. Quarterly vulnerability scanning using credentialed scans

Answer: A

NEW QUESTION 10
A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://<malwaresource>/a.php in a phishing email.
To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the:

  • A. email server that automatically deletes attached executables.
  • B. IDS to match the malware sample.
  • C. proxy to block all connections to <malwaresource>.
  • D. firewall to block connection attempts to dynamic DNS hosts.

Answer: C

NEW QUESTION 11
An analyst is participating in the solution analysis process for a cloud-hosted SIEM platform to centralize log monitoring and alerting capabilities in the SOC.
Which of the following is the BEST approach for supply chain assessment when selecting a vendor?

  • A. Gather information from providers, including datacenter specifications and copies of audit reports.
  • B. Identify SLA requirements for monitoring and logging.
  • C. Consult with senior management for recommendations.
  • D. Perform a proof of concept to identify possible solutions.

Answer: B

NEW QUESTION 12
Which of the following BEST articulates the benefit of leveraging SCAP in an organization’s cybersecurity analysis toolset?

  • A. It automatically performs remedial configuration changes to enterprise security services
  • B. It enables standard checklist and vulnerability analysis expressions for automation
  • C. It establishes a continuous integration environment for software development operations
  • D. It provides validation of suspected system vulnerabilities through workflow orchestration

Answer: B

NEW QUESTION 13
A security analyst needs to reduce the overall attack surface.
Which of the following infrastructure changes should the analyst recommend?

  • A. Implement a honeypot.
  • B. Air gap sensitive systems.
  • C. Increase the network segmentation.
  • D. Implement a cloud-based architecture.

Answer: C

NEW QUESTION 14
A security analyst is investigating malicious traffic from an internal system that attempted to download proxy-avoidance software, as identified from the firewall logs, but the destination IP is blocked and not captured. Which of the following should the analyst do?

  • A. Shut down the computer
  • B. Capture live data using Wireshark
  • C. Take a snapshot
  • D. Determine if DNS logging is enabled.
  • E. Review the network logs.

Answer: A

NEW QUESTION 15
A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.
Which of the following would be the BEST solution to recommend to the director?

  • A. Install a data loss prevention system, and train human resources employees on its use.
  • B. Provide PII training to all employees at the company.
  • C. Encrypt PII information.
  • D. Enforce encryption on all emails sent within the company.
  • E. Create a PII program and policy on how to handle data.
  • F. Train all human resources employees.
  • G. Train all employees.
  • H. Encrypt data sent on the company network.
  • I. Bring in privacy personnel to present a plan on how PII should be handled.
  • J. Install specific equipment to create a human resources policy that protects PII data.
  • K. Train company employees on how to handle PII data.
  • L. Outsource all PII to another company.
  • M. Send the human resources director to training for PII handling.

Answer: A

NEW QUESTION 16
......

P.S. Easily pass the CS0-002 exam with the 186-question 2passeasy dumps and PDF version. Download the newest 2passeasy CS0-002 dumps here: https://www.2passeasy.com/dumps/CS0-002/ (186 new questions)
