A Systems Administrator Is Analyzing the Network Traffic and Reviews the Following Packet Snippet

Certified CompTIA CS0-002 Exam Prep Online

Proper study guides for the CompTIA Cybersecurity Analyst (CySA+) Certification Exam begin with CompTIA CS0-002 prep products designed to help you pass the CS0-002 test on your first attempt. Try the free CS0-002 demo now.

Free demo questions for the CompTIA CS0-002 exam below:

Page: 1 / 15

Total 186 questions

Question 1

Which of the following technologies can be used to house the entropy keys for disk encryption on desktops and laptops?

A. Self-encrypting drive
B. Bus encryption
C. TPM
D. HSM

My answer: -

Reference answer: A

Reference analysis:

None

Question 2

A web-based front end for a business intelligence application uses pass-through authentication to authenticate users. The application then uses a service account to perform queries and look up data in a database. A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?

A. Change the security model to force the users to access the database as themselves
B. Parameterize queries to prevent unauthorized SQL queries against the database
C. Configure database security logging using syslog or a SIEM
D. Enforce unique session IDs so users do not get a reused session ID

My answer: -

Reference answer: B

Reference analysis:

None

Question 3

An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a proactive stance for security investigations. Which of the following would BEST meet that goal?

A. Root-cause analysis
B. Active response
C. Advanced antivirus
D. Information-sharing community
E. Threat hunting

My answer: -

Reference answer: E

Reference analysis:

None

Question 4

Which of the following MOST accurately describes an HSM?

A. An HSM is a low-cost solution for encryption.
B. An HSM can be network based or a removable USB
C. An HSM is slower at encrypting than software
D. An HSM is explicitly used for MFA

My answer: -

Reference answer: A

Reference analysis:

None

Question 5

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?

A. Decompile each binary to derive the source code.
B. Perform a factory reset on the affected mobile device.
C. Compute SHA-256 hashes for each binary.
D. Encrypt the binaries using an authenticated AES-256 mode of operation.
E. Inspect the permissions manifests within each application.

My answer: -

Reference answer: C

Reference analysis:

None

Question 6

A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-in-the-middle attack. The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices. Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?

A. Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network.
B. Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.
C. Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network.
D. Conduct a wireless survey to determine if the wireless strength needs to be reduced.

My answer: -

Reference answer: A

Reference analysis:

None

Question 7

A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output.

[Exhibit: ps output; image not included on this page]

Which of the following commands should the administrator run NEXT to further analyze the compromised system?

A. strace /proc/1301
B. rpm -V openssh-server
C. /bin/ls -l /proc/1301/exe
D. kill -9 1301

My answer: -

Reference answer: A

Reference analysis:

None

Question 8

An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability.
Which of the following would be the MOST appropriate to remediate the controller?

A. Segment the network to constrain access to administrative interfaces.
B. Replace the equipment that has third-party support.
C. Remove the legacy hardware from the network.
D. Install an IDS on the network between the switch and the legacy equipment.

My answer: -

Reference answer: A

Reference analysis:

None

Question 9

It is important to parameterize queries to prevent:

A. the execution of unauthorized actions against a database.
B. a memory overflow that executes code with elevated privileges.
C. the establishment of a web shell that would allow unauthorized access.
D. the queries from using an outdated library with security vulnerabilities.

My answer: -

Reference answer: A

Reference analysis:

None

Question 10

As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO's concerns, the assessor will MOST likely focus on:

A. qualitative probabilities.
B. quantitative probabilities.
C. qualitative magnitude.
D. quantitative magnitude.

My answer: -

Reference answer: D

Reference analysis:

None

Question 11

Which of the following should be found within an organization's acceptable use policy?

A. Passwords must be eight characters in length and contain at least one special character.
B. Customer data must be handled properly, stored on company servers, and encrypted when possible.
C. Administrator accounts must be audited monthly, and inactive accounts should be removed.
D. Consequences of violating the policy could include discipline up to and including termination.

My answer: -

Reference answer: D

Reference analysis:

None

Question 12

During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user.

[Exhibit: Bash history lines 1 to 6; image not included on this page]

Which of the following commands should the analyst investigate FIRST?

A. Line 1
B. Line 2
C. Line 3
D. Line 4
E. Line 5
F. Line 6

My answer: -

Reference answer: B

Reference analysis:

None

Question 13

An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?

A. Root-cause analysis
B. Active response
C. Advanced antivirus
D. Information-sharing community
E. Threat hunting

My answer: -

Reference answer: E

Reference analysis:

None

Question 14

A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities:

[Exhibit: threat intelligence summary; image not included on this page]

In which of the following phases is this APT MOST likely to leave discoverable artifacts?

A. Data collection/exfiltration
B. Defensive evasion
C. Lateral movement
D. Reconnaissance

My answer: -

Reference answer: A

Reference analysis:

None

Question 15

A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.
Which of the following BEST describes the security analyst's goal?

A. To create a system baseline
B. To reduce the attack surface
C. To optimize system performance
D. To improve malware detection

My answer: -

Reference answer: B

Reference analysis:

None

Question 16

Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.
Which of the following would BEST provide this solution?

A. File fingerprinting
B. Decomposition of malware
C. Risk evaluation
D. Sandboxing

My answer: -

Reference answer: D

Reference analysis:

None

Question 17

A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution.
Which of the following actions should the technician take to accomplish this task?

A. Add TXT @ "v=spf1 mx include:_spf.comptia.org all" to the DNS record.
B. Add TXT @ "v=spf1 mx include:_spf.comptia.org all" to the email server.
C. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
D. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.

My answer: -

Reference answer: A

Reference analysis:

None

Question 18

A company recently experienced a break-in whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this type of theft from occurring in the future?

A. Motion detection
B. Perimeter fencing
C. Monitored security cameras
D. Badged entry

My answer: -

Reference answer: A

Reference analysis:

None

Question 19

A network attack that is exploiting a vulnerability in SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?

A. Apply the required patches to remediate the vulnerability.
B. Escalate the incident to senior management for guidance.
C. Disable all privileged user accounts on the network.
D. Temporarily block the attacking IP address.

My answer: -

Reference answer: A

Reference analysis:

None

Question 20

A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:

[Exhibit: packet capture; image not included on this page]

Based on the output, which of the following services should be further tested for vulnerabilities?

A. SSH
B. HTTP
C. SMB
D. HTTPS

My answer: -

Reference answer: C

Reference analysis:

None


Source: https://www.testprepshare.com/certified-comptia-cs0-002-exam-prep-online.html
