This page was exported from Exam for engine [ http://blog.test4engine.com ] Export date: Mon Nov 18 2:27:12 2024 / +0000 GMT

Title: Updated Nov-2023 Pass CS0-002 Exam - Real Practice Test Questions [Q118-Q140]

NO.118 Which of the following solutions is the BEST method to prevent unauthorized use of an API?
A. HTTPS
B. Geofencing
C. Rate limiting
D. Authentication

NO.119 A vulnerability scan has returned the following information:
[scan output not reproduced in this export]
Which of the following describes the meaning of these results?
A. There is an unknown bug in a Lotus server with no Bugtraq ID.
B. Connecting to the host using a null session allows enumeration of share names.
C. Trend Micro has a known exploit that must be resolved or patched.
D. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.

NO.120 A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it. Which of the following threats applies to this situation?
A. Potential data loss to external users
B. Loss of public/private key management
C. Cloud-based authentication attack
D. Identification and authentication failures
Explanation: Potential data loss to external users is the threat that applies here. Data loss, in the sense the option uses, covers destruction, corruption or unauthorized disclosure of sensitive or confidential data, whether through human error, hardware failure, malware or a deliberate attack.
In this case a link-only share is effectively public: anyone who obtains the URL (forwarded, indexed, or left in a browser history or proxy log) can read the accounts receivable data without authenticating and, if the share permits editing, modify or delete it.

NO.121 A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?
A. Attackers are running reconnaissance on company resources.
B. Commands are attempting to reach a system infected with a botnet trojan.
C. An insider is trying to exfiltrate information to a remote network.
D. Malware is running on a company system.

NO.122 An organization is conducting penetration testing to identify possible network vulnerabilities. The penetration tester has received the following output from the latest scan:
[scan output not reproduced in this export]
The penetration tester knows the organization does not use Timbuktu servers and wants to have Nmap interrogate the ports on the target in more detail. Which of the following commands should the penetration tester use NEXT?
A. nmap -sV 192.168.1.13 -p1417
B. nmap -sS 192.168.1.13 -p1417
C. sudo nmap -sS 192.168.1.13
D. nmap 192.168.1.13 -v
Explanation: Nmap labels port 1417 "timbuktu-srv1" from its port table, not from anything the service said. -sV (service/version detection) sends probes to the open port and matches the responses against Nmap's service signatures, which is what "interrogate the ports in more detail" asks for; -sS on its own only reports open or closed, and -v merely makes the output more verbose.

NO.123 During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the BEST way to locate this issue?
A. Reduce the session timeout threshold
B. Deploy MFA for access to the web server
C. Implement input validation
D. Run a static code scan
Explanation: In this scenario the most likely mechanism is that the order form carries the price in a field the customer controls, so an attacker can change it (with browser developer tools or an intercepting proxy) before submitting the form, and the server charges whatever arrived.
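The tampering described in NO.123 and the server-side fix, as an added example that is not part of the original page: a handler that trusts the client's hidden price field sits beside one that validates every field and prices from its own catalog, and an audit check finds the mismatched orders in the order history. The catalog, SKUs, prices, sample submissions and order history are all constructed for the example.

```python
"""Order-form price manipulation: a handler that trusts the client's price beside one
that validates input and prices server-side, plus the audit check that locates the
mismatched orders. Added example for NO.123, not code from the original page; the
catalog, SKUs, prices and sample orders are constructed."""
from decimal import Decimal

# Constructed server-side catalog: the only legitimate source of prices.
CATALOG = {"SKU-100": Decimal("49.99"), "SKU-200": Decimal("129.00")}
MAX_QTY = 100


def charge_vulnerable(form):
    """Charges whatever the browser sent. The 'price' field is a hidden input the
    customer can edit with developer tools or an intercepting proxy, and nothing
    here notices."""
    return Decimal(form["price"]) * int(form["qty"])


class ValidationError(ValueError):
    """Raised for any submission that fails server-side input validation."""


def charge_validated(form):
    """Charges from server-side data only. Every client field is checked for type,
    range and membership; the price is never read from the request."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValidationError(f"unknown sku {sku!r}")
    qty_raw = form.get("qty", "")
    if not qty_raw.isdigit():
        raise ValidationError(f"qty {qty_raw!r} is not a positive integer")
    qty = int(qty_raw)
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError(f"qty {qty} outside 1..{MAX_QTY}")
    if "price" in form:
        # The legitimate form never sends a price, so one arriving is tampering
        # worth rejecting and logging rather than silently ignoring.
        raise ValidationError("client-supplied price rejected")
    return CATALOG[sku] * qty


def rejects(form):
    """True if the validated handler refuses the submission."""
    try:
        charge_validated(form)
    except ValidationError:
        return True
    return False


def find_tampered_orders(orders):
    """The audit check: ids of stored orders whose charged amount is not catalog
    price times quantity, which is how the issue is located in the order history."""
    return [o["id"] for o in orders if o["charged"] != CATALOG[o["sku"]] * o["qty"]]


# Constructed submissions as the vulnerable form sends them (hidden price field)...
LEGIT_SUBMISSION = {"sku": "SKU-200", "qty": "2", "price": "129.00"}
TAMPERED_SUBMISSION = {"sku": "SKU-200", "qty": "2", "price": "0.01"}
# ...and as the hardened form sends them (no price field at all).
HARDENED_SUBMISSION = {"sku": "SKU-200", "qty": "2"}

# Constructed order history for the audit check; order 1002 was tampered with.
ORDER_HISTORY = [
    {"id": 1001, "sku": "SKU-100", "qty": 1, "charged": Decimal("49.99")},
    {"id": 1002, "sku": "SKU-200", "qty": 2, "charged": Decimal("0.02")},
    {"id": 1003, "sku": "SKU-200", "qty": 3, "charged": Decimal("387.00")},
]
```

The validated handler treats the presence of a price field as a finding in its own right: a client that sends one is not using the form as shipped, so it is logged and rejected rather than ignored.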
Of the options given, input validation is the one that addresses this: the server must treat every submitted field as untrusted, check type, range and format, and never take the price from the request at all but look it up in its own catalog. Server-side validation of this kind also blocks SQL injection and other attacks that ride on malformed input. Reducing session timeouts and MFA on the web server protect logins, not form data, and a static code scan may find the missing check but does not fix it.

NO.124 An information security analyst is compiling data from a recent penetration test and reviews the following output:
[scan output not reproduced in this export]
The analyst wants to obtain more information about the web-based services that are running on the target. Which of the following commands would most likely provide the needed information?
A. ping -t 10.79.95.173.rdns.datacenter.com
B. telnet 10.79.95.173 443
C. ftpd 10.79.95.173.rdns.datacenters.com 443
D. tracert 10.79.95.173
Explanation: Telnet opens a raw TCP connection to a host on a chosen port and lets the analyst type to the service and read what comes back, which is how a banner or a Server header is pulled by hand. telnet 10.79.95.173 443 connects to port 443; on a plain HTTP port you would then send a request such as HEAD / HTTP/1.0 and read the response headers. Because 443 normally carries TLS, the raw session will show only binary handshake data, so in practice the same information is obtained with openssl s_client -connect 10.79.95.173:443 followed by the same request. Of the commands listed, telnet is still the only one that talks to the service at all: ping and tracert only test reachability, and ftpd is a server daemon, not a client.

NO.125 A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?
A. Implement UEM on all systems and deploy security software.
B. Implement DLP on all workstations and block company data from being sent outside the company.
C. Implement a CASB and prevent certain types of data from being downloaded to a workstation.
D. Implement centralized monitoring and logging for all company systems.
Explanation: A cloud access security broker (CASB) sits between users and the cloud services they use and enforces policy at that point, including blocking certain classes of data from being downloaded at all. That fits this environment: the data is already in the cloud, and endpoint controls such as UEM or DLP agents depend on managed devices, which these laptops are not, and can be removed by users who hold administrative rights. Centralized logging would record the downloads without preventing them.

NO.126 During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect. Which of the following is the BEST place to acquire evidence to perform data carving?
A. The system memory
B. The hard drive
C. Network packets
D. The Windows Registry

NO.127 A company is moving from the use of web servers hosted in an internal datacenter to a containerized cloud platform. An analyst has been asked to identify indicators of compromise in the containerized environment. Which of the following would BEST indicate a running container has been compromised?
A. A container from an approved software image has drifted
B. An approved software orchestration container is running with root privileges
C. A container from an approved software image has stopped responding
D. A container from an approved software image fails to start

NO.128 The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded and has revealed a worm is spreading. Which of the following should be the NEXT step in this incident response?
A. Enable an ACL on all VLANs to contain each segment
B. Compile a list of IoCs so the IPS can be updated to halt the spread.
C. Send a sample of the malware to the antivirus vendor and request urgent signature creation.
D. Begin deploying the new anti-malware on all uninfected systems.

NO.129 Industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices. The attacker was able to gain access to the SCADA by logging in to an account with weak credentials. Which of the following identity and access management solutions would help to mitigate this risk?
A. Multifactor authentication
B. Manual access reviews
C. Endpoint detection and response
D. Role-based access control
Explanation: The attacker got in by logging in with a weak password, so the control that directly mitigates that is multifactor authentication: a guessed, reused or leaked password is no longer enough on its own to reach the SCADA account. Role-based access control limits what an account can do once it is authenticated but does nothing to stop a login with a weak credential; manual access reviews may eventually remove stale accounts, and endpoint detection and response detects activity after the fact. Neither addresses the credential itself.

NO.130 An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment. One of the primary concerns is exfiltration of data by malicious insiders. Which of the following controls is the MOST appropriate to mitigate risks?
A. Data deduplication
B. OS fingerprinting
C. Digital watermarking
D. Data loss prevention

NO.131 A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?
A. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.
B. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the email server.
C. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
D. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.
Reference: https://blog.finjan.com/email-spoofing/
Explanation: Receiving mail servers check SPF by querying the public DNS TXT record of the sender's domain, so the record has to be published in DNS; placing the text on the mail server, a domain controller or a web server has no effect. The record must end in -all so that mail from any unlisted source is rejected; +all authorizes every sender and prevents nothing.

NO.132 A security analyst notices the following proxy log entries:
[log entries not reproduced in this export]
Which of the following is the user attempting to do based on the log entries?
A. Use a DoS attack on external hosts.
B. Exfiltrate data.
C. Scan the network.
D. Relay email.
Explanation: Scanning the network is what the user is attempting to do based on the log entries.
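As an added example (not part of the original page) of turning that judgement into a detection rule for NO.132, the following Python flags a user who, through the proxy, touches many distinct hosts or many distinct ports on one host inside a short window. The access-log format, the field names and every log line are constructed for the example, not the entries from the question; LOG_RE would be adapted to the real proxy's format.

```python
"""Flagging network reconnaissance in proxy logs. Added example for NO.132; not code
from the original page. The log format and all log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed format: <UTC ts> user=<name> src=<client ip> <METHOD> <host>:<port> status=<code>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) (?P<method>[A-Z]+) "
    r"(?P<host>[^:\s]+):(?P<port>\d+) status=(?P<status>\d+)$"
)


def parse_line(line):
    """Returns a dict for a well-formed line, or None so malformed lines are skipped."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    e["port"] = int(e["port"])
    e["status"] = int(e["status"])
    return e


def detect_scans(lines, window=timedelta(minutes=5), host_threshold=8, port_threshold=8):
    """Reports users whose requests within any `window` reach many distinct hosts
    (host sweep) or many distinct ports on one host (port scan). One finding per user;
    the thresholds are starting points to tune against the real proxy's traffic."""
    per_user = defaultdict(list)
    for e in filter(None, map(parse_line, lines)):
        per_user[e["user"]].append(e)

    findings = []
    for user, events in per_user.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so it never exceeds its width.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            ports_by_host = defaultdict(set)
            for e in events[start:end + 1]:
                ports_by_host[e["host"]].add(e["port"])
            if len(ports_by_host) >= host_threshold:
                findings.append({"user": user, "kind": "host sweep", "targets": len(ports_by_host)})
                break
            widest = max(len(p) for p in ports_by_host.values())
            if widest >= port_threshold:
                findings.append({"user": user, "kind": "port scan", "targets": widest})
                break
    return findings


# Constructed log: ordinary browsing, a host sweep on port 445, a port scan of one host,
# and one malformed line. The proxy refuses the probes (503) but still logs them.
SAMPLE_LOG = (
    ["2023-11-12T09:00:01Z user=asmith src=10.1.1.5 GET www.example.com:443 status=200",
     "2023-11-12T09:00:07Z user=asmith src=10.1.1.5 GET cdn.example.com:443 status=200"]
    + [f"2023-11-12T09:10:{s:02d}Z user=jdoe src=10.1.1.20 CONNECT 10.2.0.{n}:445 status=503"
       for s, n in zip(range(0, 50, 5), range(1, 11))]
    + [f"2023-11-12T09:30:{s:02d}Z user=rlee src=10.1.1.33 CONNECT 10.2.0.50:{p} status=503"
       for s, p in zip(range(0, 27, 3), [21, 22, 23, 25, 80, 110, 143, 443, 3389])]
    + ["this line is not in the expected format and is skipped"]
)
```

Refused requests are the interesting ones: a proxy that blocks the connection still records that it was asked, so the scan is visible in the proxy log even when nothing reached the targets.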
The log entries show the user sending requests through the proxy to a series of different IP addresses and ports in quick succession. Probing many hosts and ports in sequence is reconnaissance: it reveals which hosts are live, which ports are open and which services answer, and routing the probes through the proxy means the targets see the proxy's address rather than the user's workstation. The pattern does not match the other options: a DoS concentrates a high volume of traffic on one or a few targets, exfiltration shows large transfers to one outside destination, and relaying email would involve mail ports and an SMTP conversation, not a spread of hosts and ports.

NO.133 A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of server by dragging the Server to the results. The Linux Web Server, File-Print Server and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
[simulation content not reproduced in this export]

NO.134 During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?
A. Categorize
B. Select
C. Implement
D. Assess
Explanation: In the NIST RMF (SP 800-37) the Select step is where the control baseline is chosen, common (inherited) controls are identified and the baseline is tailored to the system; Categorize comes before it, and Implement and Assess come after.

NO.135 Massivelog.log has grown to 40 GB on a Windows server. At this size, local tools are unable to read the file, and it cannot be moved off the virtual server where it is located.
Which of the following lines of PowerShell script will allow a user to extract the last 10,000 lines of the log for review?
A. tail -10000 Massivelog.log > extract.txt
B. info tail n -10000 Massivelog.log | extract.txt;
C. get content './Massivelog.log' -Last 10000 | extract.txt
D. get-content './Massivelog.log' -Last 10000 > extract.txt;
Reference: https://social.technet.microsoft.com/Forums/en-US/d7a84189-fa3f-4431-8b03-30a7d57d076a/getcontent-read-last-line-and-action?forum=winserverpowershell
Explanation: Get-Content reads from the end of the file when given -Tail (for which -Last is an alias), so it returns the last 10,000 lines without loading 40 GB into memory, and > redirects that output into extract.txt. tail is not a PowerShell command, "get content" with a space is not a cmdlet name, and | extract.txt tries to pipe to a command called extract.txt rather than write a file.

NO.136 A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:
[ZAP output not reproduced in this export]
Which of the following is the MOST likely solution to the listed vulnerability?
A. Enable the browser's XSS filter.
B. Enable Windows XSS protection
C. Enable the browser's protected pages mode
D. Enable server-side XSS protection

NO.137 A Chief Information Security Officer (CISO) is concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns?
A. Data masking
B. Data loss prevention
C. Data minimization
D. Data sovereignty

NO.138 A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives.
NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of server by dragging the Server to the results. The Linux Web Server, File-Print Server and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
[simulation content not reproduced in this export]

NO.139 An analyst reviews a recent report of vulnerabilities on a company's financial application server. Which of the following should the analyst rate as being of the HIGHEST importance to the company's environment?
A. Banner grabbing
B. Remote code execution
C. SQL injection
D. Use of old encryption algorithms
E. Susceptibility to XSS

NO.140 A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?
A. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.
B. Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the email server.
C. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
D. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.
Reference: https://blog.finjan.com/email-spoofing/

The CompTIA CySA+ (CS0-002) exam is a performance-based exam that tests the skills required to perform the tasks of a cybersecurity analyst: identifying, preventing and responding to cyber threats.
The certification is aimed at individuals with at least 3-4 years of hands-on cybersecurity experience who want to advance their careers in the field.

Post date: 2023-11-12 12:02:53
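For the SPF record in NO.131 and NO.140, the following added example (not part of the original page) evaluates a record against a sending IP the way a receiving mail server does and flags the two mistakes the distractors describe: a record that was never published in DNS, and one that ends in +all. DNS answers come from a constructed in-memory table, so nothing is looked up for real, and the hosts and addresses in it are illustrative. Only the mechanisms the question uses (mx, include, all) plus ip4 are implemented; a production checker also needs a, ptr, exists, redirect and the lookup limit from RFC 7208.

```python
"""Evaluating an SPF record against a sending IP. Added example for NO.131/NO.140; not
code from the original page. DNS is a constructed table; all names and addresses in it
are illustrative. Mechanisms implemented: mx, include, ip4, all."""
import ipaddress

# Constructed DNS: TXT at the domain apex (where receivers look), MX hosts, A records.
DNS = {
    "TXT": {
        "comptia.org": "v=spf1 mx include:_spf.comptia.org -all",  # the record from option A
        "_spf.comptia.org": "v=spf1 ip4:198.51.100.0/24 -all",
        "weak.example": "v=spf1 mx +all",                           # authorizes everyone
    },
    "MX": {"comptia.org": ["mail.comptia.org"], "weak.example": ["mx.weak.example"]},
    "A": {"mail.comptia.org": ["203.0.113.25"], "mx.weak.example": ["203.0.113.99"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def get_spf(domain, dns=DNS):
    """The SPF TXT record published for `domain`, or None if there is none."""
    rec = dns["TXT"].get(domain)
    return rec if rec and rec.startswith("v=spf1") else None


def check_host(ip, domain, dns=DNS):
    """Returns pass/fail/softfail/neutral/none for `ip` sending mail as `domain`.
    Mechanisms are evaluated left to right; the first match decides, and the
    qualifier in front of it (default +) gives the result."""
    record = get_spf(domain, dns)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech == "mx":
            mx_ips = [a for mx in dns["MX"].get(domain, []) for a in dns["A"].get(mx, [])]
            if any(addr == ipaddress.ip_address(a) for a in mx_ips):
                return QUALIFIERS[qual]
        elif mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual]
        elif mech.startswith("include:"):
            # include matches only if the included domain's record returns pass.
            if check_host(ip, mech[8:], dns) == "pass":
                return QUALIFIERS[qual]
    return "neutral"


def lint_spf(domain, dns=DNS):
    """Flags the misconfigurations the question's distractors describe: no record in
    DNS at all, or a record ending in +all, which lets every sender pass."""
    record = get_spf(domain, dns)
    if record is None:
        return "no SPF TXT record published in DNS for " + domain
    if record.split()[-1].lower() in ("all", "+all"):
        return "record ends in +all: every sender passes, spoofing is not prevented"
    return "ok"
```

With the comptia.org record, the company's own MX host and the _spf.comptia.org range pass and everything else fails; with weak.example's +all, a spoofer's address passes just as the legitimate mail host does, which is why the +all options are wrong regardless of where the text is placed.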