Updated Feb-2024 Test Engine to Practice CS0-002 Test Questions [Q126-Q145]


NEW QUESTION # 126
A security analyst is reviewing the following DNS logs as part of security-monitoring activities:

Which of the following MOST likely occurred?

  • A. The attack used an algorithm to generate command and control information dynamically.
  • B. The attack caused an internal host to connect to a command and control server.
  • C. The attack attempted to contact www.gooqle com to verify Internet connectivity.
  • D. The attack used encryption to obfuscate the payload and bypass detection by an IDS.

Answer: B


NEW QUESTION # 127
An analyst is reviewing the following output as part of an incident:

Which of the following is MOST likely happening?

  • A. Information is leaking from the memory of host 10.20.30.40.
  • B. Sensitive data is being exfiltrated by host 192.168.1.10.
  • C. The hosts are part of a reflective denial-of-service attack.
  • D. Host 192.168.1.10 is performing firewall port knocking.

Answer: C

Explanation:
The hosts are most likely part of a reflective denial-of-service attack. A reflective denial-of-service attack is a technique that allows attackers to both magnify the amount of malicious traffic they can generate and obscure the sources of the attack traffic. This type of distributed denial-of-service (DDoS) attack overwhelms the target, causing disruption or outage of systems and services. A reflective denial-of-service attack works by spoofing the target's IP address and sending requests to vulnerable servers that will respond to the target. The servers act as reflectors that bounce the responses back to the target, amplifying the attack volume and hiding the attacker's identity. The output shows that host 10.20.30.40 is sending requests with a spoofed source IP address of 192.168.1.10 to host 203.0.113.15 on port 123, which is used by the Network Time Protocol (NTP). NTP is a common protocol used for reflection/amplification attacks, as it can generate large responses to small requests.


NEW QUESTION # 128
An organization has the following risk mitigation policies:
* Risks without compensating controls will be mitigated first if the risk value is greater than $50,000.
* Other risk mitigation will be prioritized based on risk value.
The following risks have been identified:

Which of the following is the order of priority for risk mitigation from highest to lowest?

  • A. A, C, D, B
  • B. C, D, A, B
  • C. B, C, D, A
  • D. C, B, A, D
  • E. D, C, B, A

Answer: B


NEW QUESTION # 129
An IT security analyst has received an email alert regarding vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

  • A. IoT
  • B. CAN bus
  • C. SCADA
  • D. Modbus

Answer: B

Explanation:
CAN bus (Controller Area Network) is a vehicle bus standard designed to allow microcontrollers and devices to communicate with each other's applications without a host computer. CAN bus is a message-based protocol, designed originally for multiplex electrical wiring within automobiles to save on copper, but it can also be used in many other contexts. CAN bus enables each device to send and receive data on a shared network, reducing the need for complex wiring and increasing reliability and performance. CAN bus is one of the five protocols used in the on-board diagnostics (OBD)-II vehicle diagnostics standard. A vulnerability within the new fleet of vehicles that the company recently purchased is most likely targeting CAN bus, as it is a common and critical communication system in modern vehicles. An attacker could exploit a vulnerability in CAN bus to compromise or manipulate various vehicle functions or systems, such as braking, steering, engine control, airbags, etc. SCADA (C) stands for Supervisory Control And Data Acquisition, which is a system that monitors and controls industrial processes or infrastructure. SCADA is not a vehicle bus standard and is not likely to be targeted by a vulnerability within a fleet of vehicles. Modbus (D) is a serial communications protocol that connects industrial electronic devices. Modbus is not a vehicle bus standard and is not likely to be targeted by a vulnerability within a fleet of vehicles. IoT (A) stands for Internet of Things, which is a network of physical objects that are embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems over the internet. IoT is not a vehicle bus standard and is not likely to be targeted by a vulnerability within a fleet of vehicles.


NEW QUESTION # 130
A security analyst has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization. The security analyst's BEST response would be to coordinate with the legal department and:

  • A. senior leadership
  • B. the human resources department
  • C. the public relations department
  • D. law enforcement

Answer: B


NEW QUESTION # 131
A security analyst is reviewing the logs from an internal chat server. The chat.log file is too large to review manually, so the analyst wants to create a shorter log file that only includes lines associated with a user demonstrating anomalous activity. Below is a snippet of the log:

Which of the following commands would work BEST to achieve the desired result?

  • A. grep -i javashark chat.log
  • B. grep -i pythonfun chat.log
  • C. grep -v chatter14 chat.log
  • D. grep -v pythonfun chat.log
  • E. grep -i chatter14 chat.log
  • F. grep -v javashark chat.log

Answer: F


NEW QUESTION # 132
A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review.
Which of the following commands would MOST likely indicate if the email is malicious?

  • A. cat < ~/Desktop/file.pdf | grep -i .exe
  • B. sha256sum ~/Desktop/file.pdf
  • C. strings ~/Desktop/file.pdf | grep "<script"
  • D. file ~/Desktop/file.pdf

Answer: B


NEW QUESTION # 133
A bad actor bypasses authentication and reveals all records in a database through an SQL injection.
Implementation of which of the following would work BEST to prevent similar attacks in

  • A. Blacklisting
  • B. Content filtering
  • C. SQL patching
  • D. Strict input validation
  • E. Output encoding

Answer: D
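The answer above names strict input validation as the control, and the standard companion to it is a parameterized query, which prevents user input from ever being interpreted as SQL syntax. The following is an added example, not code from the exam or its vendor, that places a string-concatenated login check beside a hardened version; the table, user rows and the tautology payload in the test are constructed for the example, and passwords are stored in clear only to keep the example short.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory user table (example data, not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """The defect: SQL built by concatenation, so input becomes SQL syntax.

    A username or password containing a quote and an OR-tautology turns the
    WHERE clause into one that matches every row, which is exactly the
    authentication bypass and record disclosure described in the question.
    """
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


# Allow-list for usernames: letters, digits and underscore, 1 to 32 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def login_hardened(conn, username, password):
    """Strict input validation plus a parameterized query."""
    # 1. Reject anything outside the allow-list before it reaches the database.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by input validation")
    if not 1 <= len(password) <= 128:
        raise ValueError("password length out of range")
    # 2. Bind the values as parameters; the driver never treats them as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"   # constructed tautology used to show the difference
    print("vulnerable:", login_vulnerable(db, payload, payload))   # every user
    print("hardened  :", login_hardened(db, "alice", payload))     # []
```

The hardened function layers the two controls: validation rejects the malformed username outright, and even a password that slips past the length check is bound as data, so the same query returns nothing for a wrong password.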


NEW QUESTION # 134
An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions, the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
* Successful administrator login reporting priority - high
* Failed administrator login reporting priority - medium
* Failed temporary elevated permissions - low
* Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following:
Which of the following events is the HIGHEST reporting priority?

  • A. Option D
  • B. Option B
  • C. Option C
  • D. Option A

Answer: D


NEW QUESTION # 135
Which of the following allows Secure Boot to be enabled?

  • A. UEFI
  • B. eFuse
  • C. PAM
  • D. MSM

Answer: A

Explanation:
UEFI, or Unified Extensible Firmware Interface, is a specification that defines the software interface between an operating system and platform firmware. UEFI replaces the legacy BIOS (Basic Input/Output System) interface that was used to boot and configure computers. UEFI provides several advantages over BIOS, such as faster boot times, better security features, larger disk support, graphical user interface, etc. One of the security features that UEFI supports is Secure Boot, which is a mechanism that ensures that only authorized software can run during the boot process. Secure Boot prevents unauthorized or malicious code from loading or executing before the operating system starts. Secure Boot works by verifying the digital signature of each piece of boot software against a database of trusted keys stored in UEFI firmware. If the signature is valid, the software is allowed to run; otherwise, it is blocked or rejected.


NEW QUESTION # 136
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:

Which of the following lines indicates the computer may be compromised?

  • A. Line 2
  • B. Line 3
  • C. Line 1
  • D. Line 4
  • E. Line 6
  • F. Line 5

Answer: D


NEW QUESTION # 137
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

  • A. Server1
  • B. PC1
  • C. Firewall
  • D. Server2
  • E. PC2

Answer: E


NEW QUESTION # 138
A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.
Which of the following data privacy standards does this violate?

  • A. Purpose limitation
  • B. Sovereignty
  • C. Data minimization
  • D. Retention

Answer: A


NEW QUESTION # 139
A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report:

Which of the following BEST describes what the analyst just found?

  • A. Users 4 and 5 are using their credentials to transfer files to multiple servers.
  • B. Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers in the cloud.
  • C. A bot is running a brute-force attack in an attempt to log in to the domain.
  • D. An unauthorized user is using login credentials in a script.

Answer: D

Explanation:
A script is a program that can automate tasks or perform actions on a computer system. A script can be used to attempt multiple login attempts with different credentials, either randomly or from a list of known or guessed usernames and passwords. This can be done to gain unauthorized access to a system or to test its security.
Users 4 and 5 are not using their credentials to transfer files or run tasks, because the report shows that they have failed login attempts on multiple servers. If they were authorized users, they would not have failed login attempts. Also, transferring files or running tasks does not require multiple login attempts on different servers.
A bot is a software application that runs automated tasks over the Internet. A bot can also be used to perform brute-force attacks, which are repeated attempts to guess a password or other authentication information. However, a bot would not use login credentials in a script, but rather generate random or common passwords to try.
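The pattern the explanation describes, one credential failing on many servers in quick, evenly spaced succession, is something an analyst can look for automatically rather than by eye. The following is an added example, not code from the exam or its vendor: it parses a constructed failed-login report (the timestamps, user names and host names are made up for the example; the original report's format is not shown on the page) and flags users whose failures land on several hosts at a machine-like fixed cadence, which is the scripted-credential case, while leaving a human user's irregular retries on one host alone.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample report: "<ISO timestamp> <user> <host> <result>".
# user4 and user5 fail on four hosts exactly five seconds apart (scripted);
# user1 and user2 are ordinary mistyped passwords on a single host.
SAMPLE_LOG = """\
2024-02-10T02:00:00 user4 srv-db01 FAIL
2024-02-10T02:00:05 user4 srv-db02 FAIL
2024-02-10T02:00:10 user4 srv-web01 FAIL
2024-02-10T02:00:15 user4 srv-web02 FAIL
2024-02-10T02:00:00 user5 srv-db01 FAIL
2024-02-10T02:00:05 user5 srv-db02 FAIL
2024-02-10T02:00:10 user5 srv-web01 FAIL
2024-02-10T02:00:15 user5 srv-web02 FAIL
2024-02-10T09:12:41 user1 srv-web01 FAIL
2024-02-10T09:13:07 user1 srv-web01 FAIL
2024-02-10T09:14:55 user2 srv-db01 FAIL
"""


def parse(log):
    """Return (timestamp, user, host) tuples for every failed attempt."""
    events = []
    for line in log.splitlines():
        ts, user, host, result = line.split()
        if result == "FAIL":
            events.append((datetime.fromisoformat(ts), user, host))
    return events


def flag_scripted_logins(events, min_hosts=3, max_jitter_s=2.0):
    """Map user -> reason for users whose failures look machine-driven.

    Two signals together: the same credential fails on at least `min_hosts`
    distinct servers, and the gaps between consecutive attempts vary by no
    more than `max_jitter_s` seconds (people do not retry on a metronome).
    """
    by_user = defaultdict(list)
    for ts, user, host in events:
        by_user[user].append((ts, host))

    findings = {}
    for user, recs in by_user.items():
        recs.sort()
        hosts = {h for _, h in recs}
        if len(hosts) < min_hosts:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(recs, recs[1:])]
        if gaps and max(gaps) - min(gaps) <= max_jitter_s:
            findings[user] = (f"failed on {len(hosts)} hosts at a fixed "
                              f"{gaps[0]:.0f}s cadence")
    return findings


if __name__ == "__main__":
    for user, reason in flag_scripted_logins(parse(SAMPLE_LOG)).items():
        print(f"{user}: {reason}")
```

The thresholds are deliberately parameters: a brute-force bot, which the explanation distinguishes from scripted credential use, typically shows many different usernames against one target, so it would fall outside this rule and needs its own detection keyed on the host rather than the user.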


NEW QUESTION # 140
A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking a link in a phishing email.
To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the:

  • A. IDS to match the malware sample.
  • B. firewall to block connection attempts to dynamic DNS hosts.
  • C. proxy to block all connections to <malwaresource>.
  • D. email server that automatically deletes attached executables.

Answer: C


NEW QUESTION # 141
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
* TLS 1.2 is the only version of TLS running.
* Apache 2.4.18 or greater should be used.
* Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

Answer:

Explanation:
Part 1 answer:
Check on the following:
AppServ1 is only using TLS 1.2
AppServ4 is only using TLS 1.2
AppServ1 is using Apache 2.4.18 or greater
AppServ3 is using Apache 2.4.18 or greater
AppServ4 is using Apache 2.4.18 or greater
Part 2 answer:
Recommendation:
Recommendation is to disable TLS v1.1 on AppServ2 and AppServ3. Also upgrade AppServ2 Apache to version 2.4.48 from its current version of 2.3.48.
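Checking four servers against three guidelines by hand is manageable; checking a fleet is not, and the same three rules are easy to encode. The following is an added example, not code from the exam or its vendor. The scan summary it uses is constructed: the TLS 1.1 findings on AppServ2 and AppServ3 and the AppServ2 Apache version 2.3.48 follow the answer above, while the other Apache version numbers, the service names and the ports are assumptions made for the example, since the original scan data is not reproduced on the page.

```python
# The three hardening guidelines from the question, as data.
REQUIRED_TLS = {"1.2"}
MIN_APACHE = (2, 4, 18)
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed scan summary (see lead-in for which values are assumptions).
SCAN = {
    "AppServ1": {"tls": ["1.2"],        "apache": "2.4.41", "services": {"https": 443}},
    "AppServ2": {"tls": ["1.1", "1.2"], "apache": "2.3.48", "services": {"https": 443}},
    "AppServ3": {"tls": ["1.1", "1.2"], "apache": "2.4.29", "services": {"https": 443}},
    "AppServ4": {"tls": ["1.2"],        "apache": "2.4.46", "services": {"https": 443}},
}


def version_tuple(version):
    """'2.4.18' -> (2, 4, 18), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def check_server(name, data):
    """Return the list of recommendations for one server (empty means compliant)."""
    findings = []

    # Guideline 1: TLS 1.2 is the only version running.
    extra_tls = sorted(set(data["tls"]) - REQUIRED_TLS)
    if extra_tls:
        findings.append(f"disable TLS {', '.join(extra_tls)} on {name}")
    if not REQUIRED_TLS <= set(data["tls"]):
        findings.append(f"enable TLS 1.2 on {name}")

    # Guideline 2: Apache 2.4.18 or greater.
    if version_tuple(data["apache"]) < MIN_APACHE:
        findings.append(f"upgrade Apache on {name} from {data['apache']} "
                        f"to 2.4.18 or later")

    # Guideline 3: only default ports.
    for service, port in data["services"].items():
        if DEFAULT_PORTS.get(service) != port:
            findings.append(f"{name} runs {service} on non-default port {port}")

    return findings


def compliance_report(scan):
    """Map server name -> findings for every server in the scan."""
    return {name: check_server(name, data) for name, data in scan.items()}


if __name__ == "__main__":
    for server, findings in compliance_report(SCAN).items():
        status = "compliant" if not findings else "; ".join(findings)
        print(f"{server}: {status}")
```

The numeric version tuple matters: comparing "2.4.18" and "2.4.9" as strings would rank the older release higher, which is a common source of false passes in home-grown compliance scripts.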


NEW QUESTION # 142
A security analyst has discovered malware is spreading across multiple critical systems and is originating from a single workstation, which belongs to a member of the cyber-infrastructure team who has legitimate administrator credentials. An analysis of the traffic indicates the workstation swept the network looking for vulnerable hosts to infect. Which of the following would have worked BEST to prevent the spread of this infection?

  • A. A honeypot used to catalog the anomalous behavior and update the IPS.
  • B. Logical network segmentation and the use of jump boxes
  • C. Vulnerability scans of the network and proper patching.
  • D. A properly configured and updated EDR solution.

Answer: B


NEW QUESTION # 143
A social media company is planning an acquisition. Prior to the purchase, the Chief Security Officer (CSO) would like a full report to gain a better understanding of the prospective company's cybersecurity posture and to identify risks in the supply chain. Which of the following will best support the CSO's objective?

  • A. Non-disclosure agreement
  • B. Memorandum of understanding
  • C. Third-party assessment
  • D. Software source authenticity

Answer: C

Explanation:
Third-party assessment. A third-party assessment is a process that explores the risk posed to your organization by third-party vendors along the supply chain. This process evaluates the likelihood that your business is exposed to different third-party risks such as compliance risk, operational risk, financial risk, security risk and cybersecurity risk.
A third-party assessment can help the CSO gain a better understanding of the prospective company's cybersecurity posture by:
  • Providing an independent and objective evaluation of the vendor's security policies, controls, and practices.
  • Identifying any gaps or weaknesses in the vendor's security posture that could compromise your organization's data, systems, or reputation.
  • Recommending actions or improvements to mitigate or reduce the identified risks and enhance the vendor's security performance.
A third-party assessment can also help the CSO identify risks in the supply chain by:
  • Mapping and tracing the data flow and dependencies among the vendor and its subcontractors or suppliers.
  • Assessing how the vendor and its subcontractors or suppliers safeguard data and comply with relevant regulations and standards.
  • Detecting any signs of malicious or negligent behavior by the vendor or its subcontractors or suppliers that could harm your organization or its customers.


NEW QUESTION # 144
The Chief Executive Officer (CEO) of a large insurance company has reported that phishing emails containing malicious links are targeting the entire organization. Which of the following actions would work BEST to prevent against this type of attack?

  • A. Turn on full behavioral analysis to avert an infection
  • B. Implement an EDR mail module that will rewrite and analyze email links.
  • C. Reconfigure the EDR solution to perform real-time scanning of all files
  • D. Modify the EDR solution to use heuristic analysis techniques for malware.
  • E. Ensure EDR signatures are updated every day to avert infection.

Answer: B

Explanation:
If you're concerned about spear phishing and other advanced threats that may impact your organization, a next-gen EDR endpoint protection platform offers a lot of advantages over traditional antivirus.


NEW QUESTION # 145
......