[Nov-2021] Latest CompTIA CS0-002 exam dumps and online Test Engine
CompTIA CS0-002: Selling CompTIA CySA+ Products and Solutions
What is the Passing Score, Duration & Questions for the CompTIA CS0-002 Exam
- Format: Multiple choices, multiple answers
- Passing score: 750 (on a scale of 100-900)
- Length of Exam: 165 minutes
- Language: English, Japanese, TBD, others
- Number of Questions: 85
NEW QUESTION 80
A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?
- A. Enabling sandboxing technology
- B. Purchasing cyber insurance
- C. Installing a firewall between the workstations and Internet
- D. Enabling application blacklisting
Answer: A
NEW QUESTION 81
An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization.
The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message.
In addition to retraining the employee, which of the following would prevent this from happening in the future?
- A. Set the outgoing mail filter to strip spreadsheet attachments from all messages.
- B. Implement outgoing filter rules to quarantine messages that contain card data.
- C. Remove all external recipients from the employee's address book.
- D. Configure the outgoing mail filter to allow attachments only to addresses on the whitelist.
Answer: D
NEW QUESTION 82
A security analyst is adding input to the incident response communication plan.
A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline.
Which of the following should the analyst recommend to the company officer?
- A. The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.
- B. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.
- C. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
- D. An externally hosted website should be prepared in advance to ensure that when an incident occurs, victims have timely access to notifications from a non-compromised resource.
Answer: B
NEW QUESTION 83
A technician receives the following security alert from the firewall's automated system:
After reviewing the alert, which of the following is the BEST analysis?
- A. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.
- B. This alert indicates a user was attempting to bypass security measures using dynamic DNS.
- C. This alert is a false positive because DNS is a normal network function.
- D. This alert was generated by the SIEM because the user attempted too many invalid login attempts.
Answer: A
NEW QUESTION 84
A vulnerability scan has returned the following information:
Which of the following describes the meaning of these results?
- A. There is an unknown bug in a Lotus server with no Bugtraq ID.
- B. Connecting to the host using a null session allows enumeration of share names.
- C. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.
- D. Trend Micro has a known exploit that must be resolved or patched.
Answer: B
NEW QUESTION 85
After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?
- A. USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer
- B. A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
- C. Simulated phishing emails asking employees to reply to the email with their updated phone number and office location
- D. Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score.
Answer: D
NEW QUESTION 86
During a quarterly review of user accounts and activity, a security analyst noticed that after a password reset the head of human resources has been logging in from multiple locations, including several overseas. Further review of the account showed access rights to a number of corporate applications, including a sensitive accounting application used for employee bonuses.
Which of the following security methods could be used to mitigate this risk?
- A. Context-based authentication
- B. Privilege escalation restrictions
- C. Elimination of self-service password resets
- D. RADIUS identity management
Answer: A
NEW QUESTION 87
Which of the following is a best practice when sending a file/data to another individual in an organization?
- A. Compress and then encrypt the file.
- B. When encrypting, split the file and then compress each file.
- C. Encrypt and then compress the file.
- D. Encrypt the file but do not compress it.
Answer: A
NEW QUESTION 88
An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?
- A. OpenVAS
- B. ITIL
- C. SLA
- D. Qualys
- E. CVSS
Answer: E
NEW QUESTION 89
A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities:
In which of the following phases is this APT MOST likely to leave discoverable artifacts?
- A. Lateral movement
- B. Reconnaissance
- C. Defensive evasion
- D. Data collection/exfiltration
Answer: D
NEW QUESTION 90
A vulnerability analyst needs to identify all systems with unauthorized web servers on the 10.1.1.0/24 network. The analyst uses the following default Nmap scan:
nmap -sV -p 1-65535 10.1.1.0/24
Which of the following would be the result of running the above command?
- A. This scan probes all ports and returns open ones.
- B. This scan checks all TCP ports.
- C. This scan checks all TCP ports and returns versions.
- D. This scan identifies unauthorized servers.
Answer: C
NEW QUESTION 91
During a red team engagement, a penetration tester found a production server. Which of the following portions of the SOW should be referenced to see if the server should be part of the testing engagement?
- A. Scope
- B. Communication
- C. Exploitation
- D. Authorization
Answer: A
NEW QUESTION 92
An organization has several systems that require specific logons. Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets. Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?
- A. Implement multifactor authentication
- B. Perform a manual privilege review
- C. Use SSO across all applications
- D. Adjust the current monitoring and logging rules
Answer: C
NEW QUESTION 93
A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month.
The affected servers are virtual machines.
Which of the following is the BEST course of action?
- A. Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate.
- B. Report the data exfiltration to management, take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.
- C. Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltration, fix any vulnerabilities, remediate, and report.
- D. Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses, determine the root cause, remediate, and report.
Answer: D
NEW QUESTION 94
Hotspot Question
A security analyst performs various types of vulnerability scans. You must review the vulnerability scan results to determine the type of scan that was executed and determine if a false positive occurred for each device.
Instructions:
Select the drop-down option for whether the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives.
NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time. Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.
The Linux Web Server, File-Print Server and Directory Server are draggable. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Answer:
Explanation:
NEW QUESTION 95
An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:
Which of the following should be the focus of the investigation?
- A. sftp.org-dmz.org
- B. ftps.bluemed.net
- C. webserver.org-dmz.org
- D. 83hht23.org-int.org
Answer: C
NEW QUESTION 96
A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality.
Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?
- A. Encryption
- B. Encoding
- C. Deidentification
- D. Watermarking
Answer: C
NEW QUESTION 97
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/
"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/XMLSchema-instance
"></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22 POST /services/v1_0/Public/Members.svc/soap
<<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/>
<a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>[email protected]
192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap
/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body><
192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="
http://schemas.xmlsoap.org/soap/envelope/ http://tempuri.org/">
<request+xmlns:a="http://schemas.datacontract.org/2004/07/somesite.web+xmlns:i="
http://www.w3.org/2001/XMLSch
<a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0<
<a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authe
192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89
Which of the following MOST likely explains how the clients' accounts were compromised?
- A. The clients' authentication tokens were impersonated and replayed.
- B. An XSS scripting attack was carried out on the server.
- C. A SQL injection attack was carried out on the server.
- D. The clients' usernames and passwords were transmitted in cleartext.
Answer: A
NEW QUESTION 98
In reviewing firewall logs, a security analyst has discovered the following IP address, which several employees are using frequently:
152.100.57.18
The organization's servers use IP addresses in the 192.168.0.1/24 CIDR. Additionally, the analyst has noticed that corporate data is being stored at this new location. A few of these employees are on the management and executive management teams. The analyst has also discovered that there is no record of this IP address or service when reviewing the known locations of managed system assets. Which of the following is occurring in this scenario?
- A. Data exfiltration
- B. Unauthorized access
- C. Unauthorized change
- D. Malicious process
Answer: A
NEW QUESTION 99
A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command.
$ sudo nc -l -v -c maildemon.py 25 caplog.txt
Which of the following solutions did the analyst implement?
- A. Log collector
- B. Honeypot
- C. Sinkhole
- D. Crontab mail script
Answer: A
NEW QUESTION 100
A cybersecurity analyst develops a regular expression to find data within traffic that will alarm on a hit.
The SIEM alarms on seeing this data in cleartext between the web server and the database server.
Which of the following types of data would the analyst MOST likely be concerned with, and to which type of data classification does it belong?
- A. Social security numbers that are PII
- B. Credit card numbers that are PII
- C. Credit card numbers that are PCI
- D. Social security numbers that are PHI
Answer: C
NEW QUESTION 101
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output.
Which of the following commands should the administrator run NEXT to further analyze the compromised system?
- A. rpm -V openssh-server
- B. kill -9 1301
- C. /bin/ls -l /proc/1301/exe
- D. strace /proc/1301
Answer: D
NEW QUESTION 102
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:
To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and:
- A. DST 172.10.45.5.
- B. DST 138.10.2.5.
- C. DST 138.10.25.5.
- D. DST 175.35.20.5.
- E. DST 172.10.3.5.
Answer: B
NEW QUESTION 103
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.
Suspecting the system may be compromised, the analyst runs the following commands:
Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?
- A. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
- B. Run kill -9 1325 to bring the load average down so the server is usable again.
- C. Examine the server logs for further indicators of compromise of a web application.
- D. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.
Answer: C