Your 2024 study companion: the CS0-002 dumps in both PDF and VCE, promising a 100% Pass Guarantee

Venture into the world of certification, equipped with the unparalleled arsenal of knowledge that is the CS0-002 dumps. Calibrated to perfection to mirror the evolving nuances of the syllabus, the CS0-002 dumps offer an extensive array of practice questions, fortifying your understanding. Be it the structured harmony of PDFs that resonates or the immersive experience offered by the VCE format that enthralls, the CS0-002 dumps stand tall. An all-encompassing study guide, intertwined with the CS0-002 dumps, breaks down intricate concepts into digestible bits, ensuring no stone is left unturned. With unwavering confidence in these materials, we resolutely stand by our 100% Pass Guarantee.

[Hot Arrival] Experience exam excellence with the gratis CS0-002 PDF and Exam Questions, backed by a success guarantee

Question 1:

Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE).

A. VLANs

B. OS

C. Trained operators

D. Physical access restriction

E. Processing power

F. Hard drive capacity

Correct Answer: BCD


Question 2:

A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through an unknown proxy. This type of attack is known as which of the following?

A. Phishing

B. Social engineering

C. Man-in-the-middle

D. Shoulder surfing

Correct Answer: C


Question 3:

A Chief Security Officer (CSO) is working on the communication requirements for an organization's incident response plan. In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?

A. Public relations must receive information promptly in order to notify the community.

B. Improper communications can create unnecessary complexity and delay response actions.

C. Organizational personnel must only interact with trusted members of the law enforcement community.

D. Senior leadership should act as the only voice for the incident response team when working with forensics teams.

Correct Answer: B


Question 4:

In response to an audit finding, a company's Chief Information Officer (CIO) instructed the security department to increase the security posture of the vulnerability management program. Currently, the company's vulnerability management program has the following attributes.

Which of the following would BEST increase the security posture of the vulnerability management program?

A. Expand the ports being scanned to include all ports. Increase the scan interval to a number the business will accept without causing service interruption. Enable authentication and perform credentialed scans.

B. Expand the ports being scanned to include all ports. Keep the scan interval at its current level. Enable authentication and perform credentialed scans.

C. Expand the ports being scanned to include all ports. Increase the scan interval to a number the business will accept without causing service interruption. Continue unauthenticated scans.

D. Continue scanning the well-known ports. Increase the scan interval to a number the business will accept without causing service interruption. Enable authentication and perform credentialed scans.

Correct Answer: A


Question 5:

Which of the following is a best practice with regard to interacting with the media during an incident?

A. Allow any senior management level personnel with knowledge of the incident to discuss it.

B. Designate a single point of contact and at least one backup for contact with the media.

C. Stipulate that incidents are not to be discussed with the media at any time during the incident.

D. Release financial information on the impact of damages caused by the incident.

Correct Answer: B


Question 6:

An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?

A. Software-based drive encryption

B. Trusted execution environment

C. Unified Extensible Firmware Interface

D. Hardware security module

Correct Answer: B


Question 7:

A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture". The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed. Which of the following commands will BEST accomplish the analyst's objectives?

A. tcpdump -w packetCapture

B. tcpdump -a packetCapture

C. tcpdump -n packetCapture

D. nmap -v > packetCapture

E. nmap -oA > packetCapture

Correct Answer: A

The -w flag allows tcpdump to save the captured packets in a file. The file will be in a binary format that can be processed by other tools, but not easily readable by humans.

The other options are incorrect because:

-a is not a valid flag for tcpdump.

-n is a flag that tells tcpdump to not convert IP addresses and port numbers to names, but it does not affect the output format of the packets.

nmap is a tool used for network discovery and security auditing, but it is not the best choice for capturing packets. The -v and -oA flags are also not relevant for packet capture.

Reference: https://www.tcpdump.org/manpages/tcpdump.1.html


Question 8:

A reverse engineer was analyzing malware found on a retailer's network and found code extracting track data in memory. Which of the following threats did the engineer MOST likely uncover?

A. POS malware

B. Rootkit

C. Key logger

D. Ransomware

Correct Answer: A


Question 9:

During a review of vulnerability scan results, an analyst determines the results may be flawed because a control-baseline system, which is used to evaluate a scanning tool's effectiveness, was reported as not vulnerable. Consequently, the analyst verifies the scope of the scan included the control-baseline host, which was available on the network during the scan. The use of a control-baseline endpoint in this scenario assists the analyst in confirming:

A. verification of mitigation.

B. false positives.

C. false negatives.

D. the criticality index.

E. hardening validation.

Correct Answer: C

https://www.examtopics.com/discussions/comptia/view/53829-exam-cs0-002-topic-1-question-145-discussion/


Question 10:

The human resources division is moving all of its applications to an IaaS cloud. The Chief Information Officer (CIO) has asked the security architect to design the environment securely to prevent the IaaS provider from accessing its data-at-rest and data-in-transit within the infrastructure. Which of the following security controls should the security architect recommend?

A. Implement a non-data breach agreement

B. Ensure all backups are remote outside the control of the IaaS provider

C. Ensure all of the IaaS provider's workforce passes stringent background checks

D. Render data unreadable through the use of appropriate tools and techniques

Correct Answer: D


Question 11:

During a red team engagement, a penetration tester found a production server. Which of the following portions of the SOW should be referenced to see if the server should be part of the testing engagement?

A. Authorization

B. Exploitation

C. Communication

D. Scope

Correct Answer: D


Question 12:

Which of the following threat classifications would MOST likely use polymorphic code?

A. Known threat

B. Zero-day threat

C. Unknown threat

D. Advanced persistent threat

Correct Answer: A


Question 13:

A cybersecurity analyst is working with a SIEM tool and reviewing the following table:

When creating a rule in the company's SIEM, which of the following would be the BEST approach for the analyst to use to assess the risk level of each vulnerability that is discovered by the vulnerability assessment tool?

A. Create a trend with the table and join the trend with the desired rule to be able to extract the risk level of each vulnerability

B. Use Boolean filters in the SIEM rule to take advantage of real-time processing and RAM to store the table dynamically, generate the results faster, and be able to display the table in a dashboard or export it as a report

C. Use a static table stored on the disk of the SIEM system to correlate its data with the data ingested by the vulnerability scanner data collector

D. Use the table as a new index or database for the SIEM to be able to use multisearch and then summarize the results as output

Correct Answer: B


Question 14:

A security analyst scanned an internal company subnet and discovered a host with the following Nmap output.

Based on the output of this Nmap scan, which of the following should the analyst investigate FIRST?

A. Port 22

B. Port 135

C. Port 445

D. Port 3389

Correct Answer: A


Question 15:

An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions, the user's account should be part of an administrator group, and the user should escalate permissions only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:

1. Successful administrator login: reporting priority – high

2. Failed administrator login: reporting priority – medium

3. Failed temporary elevated permissions: reporting priority – low

4. Successful temporary elevated permissions: non-reportable

A security analyst is reviewing server syslogs and sees the following:

Which of the following events is the HIGHEST reporting priority?

A. 2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 – BOM 'sudo vi users.txt' success

B. 2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 – BOM 'sudo more /etc/passwords' success

C. 2 2020-01-10T19:33:48.002Z webserver su 201 32001 – BOM 'su' success

D. 2 2020-01-10T21:53:11.002Z financeserver su 201 32001 – BOM 'su vi syslog.conf failed for joe

Correct Answer: C

According to the organization's reporting priorities, a successful administrator login is a high priority, and a failed administrator login is a medium priority. In this log message, the user is attempting to log in to the administrator account using the "su" command, which suggests that the user is attempting to gain elevated privileges. Therefore, this event is a failed administrator login, which is a medium reporting priority.

In comparison, the other log messages in the choices provided involve the use of the "sudo" command, which indicates that the user is attempting to temporarily escalate permissions rather than logging in to the administrator account. As such, these events would not be considered administrator login events and would not be considered high or medium reporting priorities. Instead, they would be considered temporary elevated permissions events, which have a low or non-reportable reporting priority according to the organization's reporting priorities.

