
CompTIA CS0-002 Exam Actual Questions

The questions for CS0-002 were last updated on July 4, 2024.
  • Viewing page 1 out of 43 pages.
  • Viewing questions 1-10 out of 422 questions

Topic 1 - Single Topic

Question #1 Topic 1

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

  • A. Security regression testing
  • B. Code review
  • C. User acceptance testing
  • D. Stress testing

Correct Answer: D

Question #2 Topic 1

A security analyst discovers the following firewall log entries during an incident:

Which of the following is MOST likely occurring?

  • A. Banner grabbing
  • B. Port scanning
  • C. Beaconing
  • D. Data exfiltration

Correct Answer: C

Question #3 Topic 1

A security analyst is revising a company's MFA policy to prohibit the use of short message service (SMS) tokens. The Chief Information Officer has questioned this decision and asked for justification. Which of the following should the analyst provide as justification for the new policy?

  • A. SMS relies on untrusted, third-party carrier networks.
  • B. SMS tokens are limited to eight numerical characters.
  • C. SMS is not supported on all handheld devices in use.
  • D. SMS is a cleartext protocol and does not support encryption.

Correct Answer: D

Question #4 Topic 1

During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following should the analyst use to extract human-readable content from the partition?

  • A. strings
  • B. head
  • C. fsstat
  • D. dd

Correct Answer: D

Question #5 Topic 1

A consultant is evaluating multiple threat intelligence feeds to assess potential risks for a client. Which of the following is the BEST approach for the consultant to consider when modeling the client's attack surface?

  • A. Ask for external scans from industry peers, look at the open ports, and compare information with the client.
  • B. Discuss potential tools the client can purchase to reduce the likelihood of an attack.
  • C. Look at attacks against similar industry peers and assess the probability of the same attacks happening.
  • D. Meet with the senior management team to determine if funding is available for recommended solutions.

Correct Answer: A

Question #6 Topic 1

SIMULATION
You are a penetration tester who is reviewing the system hardening guidelines for a company's distribution center. The company's hardening guidelines indicate the following:
  • There must be one primary server or service per device.
  • Only default ports should be used.
  • Non-secure protocols should be disabled.
  • The corporate Internet presence should be placed in a protected subnet.

INSTRUCTIONS
Using the tools available, discover devices on the corporate network and the services that are running on these devices.
You must determine:
  • The IP address of each device.
  • The primary server or service of each device.
  • The protocols that should be disabled based on the hardening guidelines.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct Answer: See explanation below.


Question #7 Topic 1

A development team has asked users to conduct testing to ensure an application meets the needs of the business. Which of the following types of testing does this describe?

  • A. Acceptance testing
  • B. Stress testing
  • C. Regression testing
  • D. Penetration testing

Correct Answer: A

Question #8 Topic 1

An analyst receives artifacts from a recent intrusion and is able to pull a domain, IP address, email address, and software version. Which of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?

  • A. Infrastructure
  • B. Capabilities
  • C. Adversary
  • D. Victims

Correct Answer: C

Question #9 Topic 1

While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk. The analyst sees the following on the laptop's screen:
[*] [NBT-NS] Poisoned answer sent to 192.169.23.115 for name FILE-SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
[*] [LLMNR] Poisoned answer sent to 192.168.23.115 for name FILE-SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.115
[SMBv2] NTLMv2-SSP Username : CORP\jsmith
[SMBv2] NTLMv2-SSP Hash : F5DBF769CFEA7...
[*] [NBT-NS] Poisoned answer sent to 192.169.23.24 for name FILE-SHARE-A (service: File Server)
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
[*] [LLMNR] Poisoned answer sent to 192.168.23.24 for name FILE-SHARE-A
[SMBv2] NTLMv2-SSP Client : 192.168.23.24
[SMBv2] NTLMv2-SSP Username : CORP\progers
[SMBv2] NTLMv2-SSP Hash : 6D093BE2FDD70A...
Which of the following is the BEST action for the security analyst to take?

  • A. Force all users in the domain to change their passwords at the next login.
  • B. Disconnect the laptop and ask the users jsmith and progers to log out.
  • C. Take the FILE-SHARE-A server offline and scan it for viruses.
  • D. Initiate a scan of devices on the network to find password-cracking tools.

Correct Answer: C

Question #10 Topic 1

A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations. To help mitigate this risk, the Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?

  • A. Data masking procedures
  • B. Enhanced encryption functions
  • C. Regular business impact analysis functions
  • D. Geographic access requirements

Correct Answer: B
