It is faster and easier to pass the CompTIA CS0-002 exam by using the Vivid CompTIA Cybersecurity Analyst (CySA+) Certification Exam questions and answers. Get immediate access to the up-to-date CS0-002 exam material, find the same core-area CS0-002 questions with professionally verified answers, and pass your exam with a high score.

Free demo questions for CompTIA CS0-002 Exam Dumps Below:

NEW QUESTION 1
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:
(Exhibit: command output not reproduced on this page)
Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

  • A. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
  • B. Examine the server logs for further indicators of compromise of a web application.
  • C. Run kill -9 1325 to bring the load average down so the server is usable again.
  • D. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.

Answer: B

NEW QUESTION 2
A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution.
Which of the following actions should the technician take to accomplish this task?

  • A. Add TXT @ "v=spf1 mx include:_spf.comptia.org all" to the DNS record.
  • B. Add TXT @ "v=spf1 mx include:_spf.comptia.org all" to the email server.
  • C. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
  • D. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.

Answer: A

Explanation:
SPF is published as a TXT record in the domain's DNS zone, which is where receiving mail servers look it up; the mail server, domain controller and web server play no part in publishing it. Note that a trailing `all` with no qualifier is equivalent to `+all` (pass); to actually reject spoofed mail the published record should end in `-all` (fail) or `~all` (softfail).

NEW QUESTION 3
A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor's labs.
Which of the following is the main concern a security analyst should have with this arrangement?

  • A. Making multiple trips between development sites increases the chance of physical damage to the FPGAs.
  • B. Moving the FPGAs between development sites will lessen the time that is available for security testing.
  • C. Development phases occurring at multiple sites may produce change management issues.
  • D. FPGA applications are easily cloned, increasing the possibility of intellectual property theft.

Answer: D

Explanation:
FPGA designs (bitstreams) can be read back and copied, so handing development phases to an off-site contractor exposes the company's intellectual property. The other options describe logistics or project-management concerns, not security risks.

NEW QUESTION 4
A security analyst is reviewing the following web server log:
(Exhibit: web server log not reproduced on this page)
Which of the following BEST describes the issue?

  • A. Directory traversal exploit
  • B. Cross-site scripting
  • C. SQL injection
  • D. Cross-site request forgery

Answer: A
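The question asks for the attack class behind a web server log entry. The following is an added example, not part of the exam page or its exhibit: a small classifier that parses Apache/NGINX combined-format lines, URL-decodes the request path (twice, so `%252e%252e%252f` style double encoding is caught) and labels directory traversal, cross-site scripting and SQL injection attempts. The log lines are constructed for illustration.

```python
"""Classify suspicious web server log lines (added example; not from the exam page).

The sample lines are constructed; the field layout follows the common
Apache/NGINX "combined" format. The request path is URL-decoded before
matching so encoded traversal such as %2e%2e%2f is detected as well.
"""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Ordered: first match wins. Applied to the decoded path + query string.
SIGNATURES = [
    ("directory traversal", re.compile(r"(\.\./|\.\.\\)")),
    ("cross-site scripting", re.compile(r"<\s*script|javascript:|onerror\s*=", re.I)),
    ("SQL injection", re.compile(
        r"('|%27).*(--|#|/\*)|\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+", re.I)),
]


def decode_path(path: str) -> str:
    """Decode twice so double-encoded payloads (%252e%252e) are normalised too."""
    return unquote(unquote(path))


def classify(line: str) -> Tuple[Optional[str], str]:
    """Return (label, decoded_path); label is None when no signature matched."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed log line: {line[:60]}")
    decoded = decode_path(m.group("path"))
    for label, pattern in SIGNATURES:
        if pattern.search(decoded):
            return label, decoded
    return None, decoded


# Constructed sample log (not the exhibit from the question).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1837
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /cgi-bin/..%2f..%2f..%2fetc%2fshadow HTTP/1.1" 403 212
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 5120
198.51.100.9 - - [10/Oct/2023:13:56:40 +0000] "GET /login?user=admin'%20OR%201=1-- HTTP/1.1" 500 90
192.0.2.44 - - [10/Oct/2023:13:57:00 +0000] "GET /images/logo.png HTTP/1.1" 200 9031
"""


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group offending decoded paths by attack label."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        label, decoded = classify(line)
        if label:
            findings.setdefault(label, []).append(decoded)
    return findings


if __name__ == "__main__":
    for label, paths in triage(SAMPLE_LOG).items():
        print(label)
        for p in paths:
            print("   ", p)
```

Decoding before matching is the point: a traversal written as `..%2f..%2f` never contains the literal `../` that a naive grep looks for, and a 403 in the status column does not mean the attempt is uninteresting, only that this one request was blocked.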

NEW QUESTION 5
A security analyst received an email with the following key: Xj3XJ3LLc
A second security analyst received an email with following key: 3XJ3xjcLLC
The security manager has informed the two analysts that the email they received is a key that allows access to the company’s financial segment for maintenance. This is an example of:

  • A. dual control
  • B. private key encryption
  • C. separation of duties
  • D. public key encryption
  • E. two-factor authentication

Answer: A

NEW QUESTION 6
During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user.
(Exhibit: Bash history lines not reproduced on this page)
Which of the following commands should the analyst investigate FIRST?

  • A. Line 1
  • B. Line 2
  • C. Line 3
  • D. Line 4
  • E. Line 5
  • F. Line 6

Answer: B

NEW QUESTION 7
A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party, in1marketingpartners.com. Below is the existing SPF record:
(Exhibit: existing SPF record not reproduced on this page)
Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?
A) (SPF record option not reproduced on this page)
B) (SPF record option not reproduced on this page)
C) (SPF record option not reproduced on this page)
D) (SPF record option not reproduced on this page)

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: B
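Questions 2 and 7 both turn on what an SPF TXT record says. The following is an added example, not part of the exam page: a parser that reports whether the trailing `all` term actually rejects spoofed mail (a bare `all` is `+all`, i.e. pass), counts the DNS-querying terms against the RFC 7208 limit of 10, and adds an `include:` for a third-party sender. The domains come from the questions; the sender `in1marketingpartners.com` is the one named in question 7, and the fixed records shown are what this code produces, not the exam's option text.

```python
"""SPF record checks and edits (added example; not from the exam page).

Parses a v=spf1 TXT record, audits the terminal 'all' qualifier and the
DNS-lookup budget, and authorizes a third-party sender with include:.
Domain names are taken from questions 2 and 7 above.
"""
import re
from dataclasses import dataclass
from typing import List

# Mechanisms and modifiers that each consume one of the 10 permitted DNS lookups.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


@dataclass
class Term:
    qualifier: str  # '+', '-', '~' or '?'; '+' is implicit when none is written
    name: str       # mechanism/modifier name, lower-cased (mx, include, all, ...)
    value: str      # text after ':' or '=' (e.g. '_spf.comptia.org'), '' if none
    text: str       # the term as written, minus any explicit qualifier

    def render(self) -> str:
        return self.text if self.qualifier == "+" else self.qualifier + self.text


def parse_spf(record: str) -> List[Term]:
    parts = record.strip().split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1")
    terms = []
    for raw in parts[1:]:
        qualifier, text = "+", raw
        if raw[0] in "+-~?":
            qualifier, text = raw[0], raw[1:]
        m = re.match(r"^([A-Za-z][A-Za-z0-9_]*)(?:[:=]?(.*))?$", text)
        if not m:
            raise ValueError(f"unparseable SPF term: {raw}")
        terms.append(Term(qualifier, m.group(1).lower(), m.group(2) or "", text))
    return terms


def all_qualifier(record: str) -> str:
    """Qualifier on the 'all' term: '+' for a bare 'all', '' if there is no 'all'."""
    for t in parse_spf(record):
        if t.name == "all":
            return t.qualifier
    return ""


def lookup_count(record: str) -> int:
    """DNS-querying terms in this record only; a real check follows include: recursively."""
    return sum(1 for t in parse_spf(record) if t.name in LOOKUP_TERMS)


def set_all(record: str, qualifier: str = "-") -> str:
    """Rewrite the record to end in -all (fail) or ~all (softfail)."""
    if qualifier not in ("-", "~"):
        raise ValueError("use '-' (fail) or '~' (softfail)")
    body = [t.render() for t in parse_spf(record) if t.name != "all"]
    return " ".join(["v=spf1"] + body + [qualifier + "all"])


def add_include(record: str, sender_domain: str) -> str:
    """Authorize a third-party sender with include:, inserted ahead of the all term."""
    terms = parse_spf(record)
    if any(t.name == "include" and t.value.lower() == sender_domain.lower() for t in terms):
        return " ".join(["v=spf1"] + [t.render() for t in terms])  # already present
    new = Term("+", "include", sender_domain, f"include:{sender_domain}")
    body = [t for t in terms if t.name != "all"] + [new] + [t for t in terms if t.name == "all"]
    return " ".join(["v=spf1"] + [t.render() for t in body])


def audit(record: str) -> List[str]:
    """Findings a reviewer would raise before publishing the record in DNS."""
    findings = []
    q = all_qualifier(record)
    if q in ("", "+"):
        findings.append("'all' is missing or passes (+all): spoofed mail will not be rejected")
    elif q == "?":
        findings.append("'?all' is neutral: receivers will not reject spoofed mail")
    if lookup_count(record) > 10:
        findings.append("more than 10 DNS-querying terms: receivers return permerror")
    return findings


if __name__ == "__main__":
    option_a = "v=spf1 mx include:_spf.comptia.org all"   # option A from question 2
    print(audit(option_a))
    fixed = set_all(option_a, "-")
    print(fixed)
    print(add_include(fixed, "in1marketingpartners.com"))  # question 7 scenario
```

The `include:` for the marketing partner goes before `all` because evaluation stops at the first matching term; an `include:` placed after `-all` is never reached. `lookup_count` only sees the local record, so keep the partner's own include chain in mind when budgeting the 10 lookups.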

NEW QUESTION 8
A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT?

  • A. Begin blocking all IP addresses within that subnet.
  • B. Determine the attack vector and total attack surface.
  • C. Begin a kill chain analysis to determine the impact.
  • D. Conduct threat research on the IP addresses

Answer: D

NEW QUESTION 9
A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities:
(Exhibit: threat intelligence report not reproduced on this page)
In which of the following phases is this APT MOST likely to leave discoverable artifacts?

  • A. Data collection/exfiltration
  • B. Defensive evasion
  • C. Lateral movement
  • D. Reconnaissance

Answer: A

NEW QUESTION 10
Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client’s company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise. Which of the following techniques were used in this scenario?

  • A. Enumeration and OS fingerprinting
  • B. Email harvesting and host scanning
  • C. Social media profiling and phishing
  • D. Network and host scanning

Answer: C

NEW QUESTION 11
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the help desk ticket queue.
INSTRUCTIONS
Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket.
First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from the second drop-down menu.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
(Exhibit: simulation screens not reproduced on this page)

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
(Exhibit: simulation answer screen not reproduced on this page)

NEW QUESTION 12
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server. Which of the following is the FIRST step the analyst should take?

  • A. Create a full disk image of the server's hard drive to look for the file containing the malware.
  • B. Run a manual antivirus scan on the machine to look for known malicious software.
  • C. Take a memory snapshot of the machine to capture volatile information stored in memory.
  • D. Start packet capturing to look for traffic that could be indicative of command and control from the miner.

Answer: C

Explanation:
Follow the order of volatility: memory holds the running miner process, its open network connections and any unpacked code, and all of that is lost if the host reboots or the miner exits, so it is captured before a disk image, an antivirus scan or a packet capture.

NEW QUESTION 13
A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review.
Which of the following commands would MOST likely indicate if the email is malicious?

  • A. sha256sum ~/Desktop/file.pdf
  • B. file ~/Desktop/file.pdf
  • C. strings ~/Desktop/file.pdf | grep "<script"
  • D. cat < ~/Desktop/file.pdf | grep -i .exe

Answer: A
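The three commands in the options cover hashing the attachment (to compare against threat intelligence), checking its real file type, and searching its bytes for active content. The following is an added example, not part of the exam page: a static triage routine that does the same from Python. The PDF byte strings and the "known bad" hash set are constructed for the example; they are not real malware samples.

```python
"""Static triage of a suspect PDF in a sandbox (added example; not from the exam page).

Hashes the file (the sha256sum step, useful only against a list of known
hashes), confirms it really is a PDF (the `file` step), and counts the
PDF names that give a document active behaviour (the strings/grep step).
The sample documents and the known-bad hash list are constructed.
"""
import hashlib
import re
from typing import Dict, Iterable

# PDF names that give a document active behaviour; each is a reason to look closer.
RISKY_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
               b"/EmbeddedFile", b"/RichMedia", b"/URI", b"/SubmitForm"]

# Constructed minimal PDF that runs JavaScript when opened (not a real sample).
MALICIOUS_SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Type /Action /S /JavaScript /JS (app.launchURL("http://example.invalid/x")) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed PDF with no active content.
BENIGN_SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# A Windows executable (MZ header) renamed to .pdf: the type check catches it.
FAKE_PDF = b"MZ\x90\x00" + b"\x00" * 60


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def looks_like_pdf(data: bytes) -> bool:
    """Equivalent of `file`: a PDF carries %PDF- within its first 1024 bytes."""
    return b"%PDF-" in data[:1024]


def risky_name_counts(data: bytes) -> Dict[str, int]:
    """Count active-content names, matching whole names so /JS does not hit /JSX."""
    counts: Dict[str, int] = {}
    for name in RISKY_NAMES:
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", data))
        if n:
            counts[name.decode()] = n
    return counts


def triage(data: bytes, known_bad: Iterable[str] = ()) -> Dict[str, object]:
    """Hash, type-check and scan; the hash verdict wins when intel already knows the file."""
    digest = sha256_hex(data)
    is_pdf = looks_like_pdf(data)
    risky = risky_name_counts(data) if is_pdf else {}
    if digest in set(known_bad):
        verdict = "known malicious"
    elif not is_pdf:
        verdict = "not a PDF"
    elif risky:
        verdict = "suspicious: active content"
    else:
        verdict = "no static indicators"
    return {"sha256": digest, "is_pdf": is_pdf, "risky": risky, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in [("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE), ("fake", FAKE_PDF)]:
        print(label, triage(sample))
```

A hash match is conclusive but only covers files someone has already catalogued; the type check and the name scan are what tell you something about a never-before-seen attachment. Real PDFs can hide these names behind stream compression or hex-encoded names (`/J#53`), so a clean static scan is not a clean bill of health.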

NEW QUESTION 14
An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems.
As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?

  • A. Copies of prior audits that did not identify the servers as an issue
  • B. Project plans relating to the replacement of the servers that were approved by management
  • C. Minutes from meetings in which risk assessment activities addressing the servers were discussed
  • D. ACLs from perimeter firewalls showing blocked access to the servers
  • E. Copies of change orders relating to the vulnerable servers

Answer: C

NEW QUESTION 15
A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team’s NEXT step during the detection phase of this response process?

  • A. Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.
  • B. Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.
  • C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.
  • D. Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.

Answer: D
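The correct answer is to pivot from the first workstation's behaviour to a correlation search that finds every other affected host. The following is an added example, not part of the exam page: the same search run over constructed flow records. It flags sources that beacon on TCP/80 to several destinations at a regular interval, sources that fan out over TCP/445, every host they targeted, and every host that touched the known command-and-control addresses. The five C2 addresses, the 60-second beacon interval and the internal address plan are assumptions made for the example.

```python
"""Correlation search over flow logs for beaconing and SMB spread
(added example; not from the exam page). All flows are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, NamedTuple, Set


class Flow(NamedTuple):
    ts: int      # epoch seconds
    src: str
    dst: str
    dport: int


# Assumed C2 addresses: the five IPs the first workstation was seen beaconing to.
C2_IPS = {"203.0.113.5", "203.0.113.6", "203.0.113.7", "203.0.113.8", "203.0.113.9"}


def _constructed_flows() -> List[Flow]:
    flows = []
    c2 = sorted(C2_IPS)
    # 10.0.0.11: beacons every 60 s, rotating through the five C2 addresses
    for i in range(10):
        flows.append(Flow(1000 + 60 * i, "10.0.0.11", c2[i % 5], 80))
    # 10.0.0.11: then a burst of SMB attempts against ten internal hosts
    for i in range(10):
        flows.append(Flow(1600 + i, "10.0.0.11", f"10.0.0.{20 + i}", 445))
    # 10.0.0.22: a single contact with one C2 address (a second victim?)
    flows.append(Flow(1650, "10.0.0.22", "203.0.113.7", 80))
    # 10.0.0.33: ordinary browsing, many sites, irregular timing
    for t, dst in [(1000, "198.51.100.10"), (1005, "198.51.100.11"), (1090, "198.51.100.12"),
                   (1095, "198.51.100.13"), (1400, "198.51.100.14"), (1402, "198.51.100.15")]:
        flows.append(Flow(t, "10.0.0.33", dst, 80))
    # 10.0.0.44: one legitimate file-server connection
    flows.append(Flow(1700, "10.0.0.44", "10.0.0.5", 445))
    return flows


FLOWS = _constructed_flows()


def beaconing_hosts(flows: Iterable[Flow], dport: int = 80, min_peers: int = 5,
                    max_cv: float = 0.2) -> Dict[str, Set[str]]:
    """Sources with >= min_peers destinations on dport and near-constant gaps between connects."""
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        if f.dport == dport:
            by_src[f.src].append(f)
    result = {}
    for src, fl in by_src.items():
        peers = {f.dst for f in fl}
        ts = sorted(f.ts for f in fl)
        if len(peers) < min_peers or len(ts) < 4:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            result[src] = peers
    return result


def smb_spreaders(flows: Iterable[Flow], min_targets: int = 5) -> Dict[str, Set[str]]:
    """Sources that attempted TCP/445 against at least min_targets distinct hosts."""
    targets: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if f.dport == 445:
            targets[f.src].add(f.dst)
    return {s: t for s, t in targets.items() if len(t) >= min_targets}


def hosts_contacting(flows: Iterable[Flow], iocs: Set[str]) -> Dict[str, Set[str]]:
    """Pivot on the indicators: every source that touched any known C2 address."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if f.dst in iocs:
            hits[f.src].add(f.dst)
    return dict(hits)


def correlate(flows: List[Flow], iocs: Set[str]) -> Dict[str, Set[str]]:
    """Potentially affected hosts with the reason(s) each one was pulled in."""
    affected: Dict[str, Set[str]] = defaultdict(set)
    for src in beaconing_hosts(flows):
        affected[src].add("beaconing")
    for src, targets in smb_spreaders(flows).items():
        affected[src].add("smb-scan")
        for t in targets:
            affected[t].add("smb-target")
    for src in hosts_contacting(flows, iocs):
        affected[src].add("c2-contact")
    return dict(affected)


if __name__ == "__main__":
    for host, reasons in sorted(correlate(FLOWS, C2_IPS).items()):
        print(host, sorted(reasons))
```

The regularity test (coefficient of variation of the inter-connection gaps) is what separates the beaconing workstation from 10.0.0.33, which also talks to more than five sites on port 80 but at human, irregular timing. Hosts that were only SMB targets are included so that the containment list covers machines the malware tried to reach, not just the ones already seen talking out.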

NEW QUESTION 16
A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.
Which of the following solutions would meet this requirement?

  • A. Establish a hosted SSO.
  • B. Implement a CASB.
  • C. Virtualize the server.
  • D. Air gap the server.

Answer: D

NEW QUESTION 17
Which of the following is the MOST important objective of a post-incident review?

  • A. Capture lessons learned and improve incident response processes
  • B. Develop a process for containment and continue improvement efforts
  • C. Identify new technologies and strategies to remediate
  • D. Identify a new management strategy

Answer: A

NEW QUESTION 18
......

P.S. DumpSolutions.com is now offering CS0-002 dumps with a 100% pass guarantee! All CS0-002 exam questions have been updated with correct answers: https://www.dumpsolutions.com/CS0-002-dumps/ (186 New Questions)