CS0-002 | Free CompTIA CS0-002 Exam Engine Online

NEW QUESTION 1
A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party in1marketingpartners.com Below is the exiting SPP word:

Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 2
Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.
Which of the following would BEST provide this solution?

• A. File fingerprinting
• B. Decomposition of malware
• C. Risk evaluation
• D. Sandboxing

Answer: D

NEW QUESTION 3
A security analyst receives an alert that highly sensitive information has left the company's network Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times m the past month The affected servers are virtual machines Which of the following is the BEST course of action?

• A. Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses determine the root cause, remediate, and report
• B. Report the data exfiltration to management take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.
• C. Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate
• D. Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltratio
• E. fix any vulnerabilities, remediate, and report.

Answer: A

NEW QUESTION 4
An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:

Which of the following should be the focus of the investigation?

• A. webserver.org-dmz.org
• B. sftp.org-dmz.org
• C. 83hht23.org-int.org
• D. ftps.bluemed.net

Answer: A

NEW QUESTION 5
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

• A. Tool A is agent based.
• B. Tool A used fuzzing logic to test vulnerabilities.
• C. Tool A is unauthenticated.
• D. Tool B utilized machine learning technology.
• E. Tool B is agent based.
• F. Tool B is unauthenticated.

Answer: CE

NEW QUESTION 6
A security administrator needs to create an IDS rule to alert on FTP login attempts by root. Which of the following rules is the BEST solution?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 7
As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information.
Which of the following BEST describes this test?

• A. Walk through
• B. Full interruption
• C. Simulation
• D. Parallel

Answer: C

NEW QUESTION 8
Which of the following technologies can be used to store digital certificates and is typically used in high-security implementations where integrity is paramount?

• A. HSM
• B. eFuse
• C. UEFI
• D. Self-encrypting drive

Answer: A

NEW QUESTION 9
A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wife transfer Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

• A. Implementing a sandboxing solution for viewing emails and attachments
• B. Limiting email from the finance department to recipients on a pre-approved whitelist
• C. Configuring email client settings to display all messages in plaintext when read
• D. Adding a banner to incoming messages that identifies the messages as external

Answer: D

NEW QUESTION 10
A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

• A. The To address is invalid.
• B. The email originated from the www.spamfilter.org URL.
• C. The IP address and the remote server name are the same.
• D. The IP address was blacklisted.
• E. The From address is invalid.

Answer: D

NEW QUESTION 11
A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review.
Which of the following commands would MOST likely indicate if the email is malicious?

• A. sha256sum ~/Desktop/file.pdf
• B. file ~/Desktop/file.pdf
• C. strings ~/Desktop/file.pdf | grep "<script"
• D. cat < ~/Desktop/file.pdf | grep -i .exe

Answer: A

NEW QUESTION 12
A company's modem response team is handling a threat that was identified on the network Security analysts have as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan?

• A. Quarantine the web server
• B. Deploy virtual firewalls
• C. Capture a forensic image of the memory and disk
• D. Enable web server containerization

Answer: B

NEW QUESTION 13
A security analyst was alerted to a tile integrity monitoring event based on a change to the vhost-paymonts .c onf file The output of the diff command against the known-good backup reads as follows

Which of the following MOST likely occurred?

• A. The file was altered to accept payments without charging the cards
• B. The file was altered to avoid logging credit card information
• C. The file was altered to verify the card numbers are valid.
• D. The file was altered to harvest credit card numbers

Answer: A

NEW QUESTION 14
A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.
Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

• A. Attack vectors
• B. Adversary capability
• C. Diamond Model of Intrusion Analysis
• D. Kill chain
• E. Total attack surface

Answer: B

NEW QUESTION 15
An analyst is reviewing a list of vulnerabilities, which were reported from a recent vulnerability scan of a Linux server.
Which of the following is MOST likely to be a false positive?

• A. OpenSSH/OpenSSL Package Random Number Generator Weakness
• B. Apache HTTP Server Byte Range DoS
• C. GDI+ Remote Code Execution Vulnerability (MS08-052)
• D. HTTP TRACE / TRACK Methods Allowed (002-1208)
• E. SSL Certificate Expiry

Answer: E

NEW QUESTION 16
A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

• A. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
• B. Remove the servers reported to have high and medium vulnerabilities.
• C. Tag the computers with critical findings as a business risk acceptance.
• D. Manually patch the computers on the network, as recommended on the CVE website.
• E. Harden the hosts on the network, as recommended by the NIST framework.
• F. Resolve the monthly job issues and test them before applying them to the production network.

Answer: CE

NEW QUESTION 17
A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?

• A. Apply the required patches to remediate the vulnerability.
• B. Escalate the incident to senior management for guidance.
• C. Disable all privileged user accounts on the network.
• D. Temporarily block the attacking IP address.

Answer: A

NEW QUESTION 18
Which of the following types of policies is used to regulate data storage on the network?

• A. Password
• B. Acceptable use
• C. Account management
• D. Retention

Answer: D

NEW QUESTION 19
......