CompTIA CS0-002 Certification Exam Dumps with 299 Practice Test Questions
New CS0-002 Exam Dumps with High Passing Rate
What is the Exam fee for CompTIA CS0-002 Exam
- The cost of CompTIA CS0-002 Exam is $359
CompTIA CS0-002 Exam Syllabus Topics:
| Topic | Details |
|---|---|
Threat and Vulnerability Management - 22% | |
| Explain the importance of threat data and intelligence. | 1. Intelligence sources
2. Confidence levels
4. Threat classification
5. Threat actors
6. Intelligence cycle
7. Commodity malware
|
| Given a scenario, utilize threat intelligence to support organizational security. | 1. Attack frameworks
2. Threat research
3. Threat modeling methodologies
3. Threat intelligence sharing with supported functions
|
| Given a scenario, perform vulnerability management activities. | 1. Vulnerability identification
2. Validation
3. Remediation/mitigation
4. Scanning parameters and criteria
5. Inhibitors to remediation
|
| Given a scenario, analyze the output from common vulnerability assessment tools. | 1.Web application scanner
2.Infrastructure vulnerability scanner
3.Software assessment tools and techniques
4.Enumeration
5. Wireless assessment tools
6. Cloud infrastructure assessment tools
|
| Explain the threats and vulnerabilities associated with specialized technology. | 1. Mobile 2. Internet of Things (IoT) 3. Embedded 4. Real-time operating system (RTOS) 5. System-on-Chip (SoC) 6. Field programmable gate array (FPGA) 7. Physical access control 8. Building automation systems 9. Vehicles and drones
10. Workflow and process automation systems
|
| Explain the threats and vulnerabilities associated with operating in the cloud. | 1. Cloud service models
2. Cloud deployment models
3. Function as a Service (FaaS)/serverless architecture
|
| Given a scenario, implement controls to mitigate attacks and software vulnerabilities. | 1. Attack types
2. Vulnerabilities
|
Software and Systems Security - 18% | |
| Given a scenario, apply security solutions for infrastructure management. | 1. Cloud vs. on-premises 2. Asset management
3. Segmentation
4. Network architecture
5. Change management
7. Containerization
9. Cloud access security broker (CASB) |
| Explain software assurance best practices. | 1. Platforms Mobile Web application Client/server Embedded System-on-chip (SoC) Firmware 2. Software development life cycle (SDLC) integration 3. DevSecOps 4. Software assessment methods User acceptance testing Stress test application Security regression testing Code review 5. Secure coding best practices Input validation Output encoding Session management Authentication Data protection Parameterized queries 6. Static analysis tools 7. Dynamic analysis tools 8. Formal methods for verification of critical software 9. Service-oriented architecture
|
| Explain hardware assurance best practices. | 1. Hardware root of trust Trusted platform module (TPM) Hardware security module (HSM) 2. eFuse 3. Unified Extensible Firmware Interface (UEFI) 4. Trusted foundry 5. Secure processing
6. Anti-tamper |
Security Operations and Monitoring - 25% | |
| Given a scenario, analyze data as part of security monitoring activities. | 1. Heuristics 2. Trend analysis 3. Endpoint
4. Network
5. Log review
6. Impact analysis
7. Security information and event management (SIEM) review
8. Query writing
9. E-mail analysis
|
| Given a scenario, implement configuration changes to existing controls to improve security. | 1. Permissions 2. Whitelisting 3. Blacklisting 4. Firewall 5. Intrusion prevention system (IPS) rules 6. Data loss prevention (DLP) 7. Endpoint detection and response (EDR) 8. Network access control (NAC) 9. Sinkholing 10. Malware signatures
11. Sandboxing |
| Explain the importance of proactive threat hunting. | 1. Establishing a hypothesis 2. Profiling threat actors and activities 3. Threat hunting tactics
4. Reducing the attack surface area |
| Compare and contrast automation concepts and technologies. | 1. Workflow orchestration
2. Scripting
9. Continuous integration |
Incident Response - 22% | |
| Explain the importance of the incident response process. | 1. Communication plan
2. Response coordination with relevant entities
3. Factors contributing to data criticality
|
| Given a scenario, apply the appropriate incident response procedure. | 1. Preparation
2. Detection and analysis
3. Containment
4. Eradication and recovery
5. Post-incident activities
|
| Given an incident, analyze potential indicators of compromise. | 1. Network-related
2. Host-related
3. Application-related
|
| Given a scenario, utilize basic digital forensics techniques. | 1. Network
2. Endpoint
3. Mobile
9. Carving |
Compliance and Assessment - 13% | |
| Understand the importance of data privacy and protection. | 1. Privacy vs. security 2. Non-technical controls
3. Technical controls
|
| Given a scenario, apply security concepts in support of organizational risk mitigation. | 1. Business impact analysis 2. Risk identification process 3. Risk calculation
4. Communication of risk factors
6. Systems assessment
9. Supply chain assessment
|
| Explain the importance of frameworks, policies, procedures, and controls. | 1. Frameworks
2. Policies and procedures
3. Category
4. Control type
5. Audits and assessments
|
NEW QUESTION 22
A business recently installed a kiosk that is running on a hardened operating system as a restricted user. The kiosk user application is the only application that is allowed to run. A security analyst gets a report that pricing data is being modified on the server, and management wants to know how this is happening. After reviewing the logs, the analyst discovers the root account from the kiosk is accessing the files. After validating the permissions on the server, the analyst confirms the permissions from the kiosk do not allow to write to the server data.
Which of the following is the MOST likely reason for the pricing data modifications on the server?
- A. Data on the server is not encrypted, allowing users to change the pricing data.
- B. Customers are logging off the kiosk and guessing the root account password.
- C. Customers are escaping the application shell and gaining root-level access.
- D. The kiosk user account has execute permissions on the server data files.
Answer: C
NEW QUESTION 23
After a breach involving the exfiltration of a large amount of sensitive data a security analyst is reviewing the following firewall logs to determine how the breach occurred:
Which of the following IP addresses does the analyst need to investigate further?
- A. 192.168.1.1
- B. 192.168.1.193
- C. 192.168.1.10
- D. 192.168.1.12
Answer: D
NEW QUESTION 24
A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability scan:
Which of the following is MOST likely a false positive?
- A. Unsupported web server detection
- B. Windows SMB service enumeration via \srvsvc
- C. Anonymous FTP enabled
- D. ICMP timestamp request remote date disclosure
Answer: B
NEW QUESTION 25
An organization suspects it has had a breach, and it is trying to determine the potential impact.
The organization knows the following:
- The source of the breach is linked to an IP located in a foreign
country.
- The breach is isolated to the research and development servers.
- The hash values of the data before and after the breach are
unchanged.
- The affected servers were regularly patched, and a recent scan showed no vulnerabilities.
Which of the following conclusions can be drawn with respect to the threat and impact? (Choose two.)
- A. The threat is an APT.
- B. The threat is an insider.
- C. The integrity of the data is unaffected.
- D. The source IP of the threat has been spoofed.
- E. The confidentiality of the data is unaffected.
Answer: A,C
NEW QUESTION 26
After a breach involving the exfiltration of a large amount of sensitive data a security analyst is reviewing the following firewall logs to determine how the breach occurred:
Which of the following IP addresses does the analyst need to investigate further?
- A. 192.168.1.1
- B. 192.168.1.193
- C. 192.168.1.10
- D. 192.168.1.12
Answer: D
NEW QUESTION 27
A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session.
Which of the following is the BEST technique to address the CISO's concerns?
- A. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
- B. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy.
Monitor the files for unauthorized changes. - C. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
- D. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.
Answer: A
NEW QUESTION 28
Which of the following policies would slate an employee should not disable security safeguards, such as host firewalls and antivirus on company systems?
- A. Password policy
- B. Acceptable use policy
- C. Code of conduct policy
- D. Account management policy
Answer: B
NEW QUESTION 29
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:
The analyst runs the following command next:
Which of the following would explain the difference in results?
- A. The original ping command needed root permission to execute.
- B. The routing tables for ping and hping3 were different.
- C. hping3 is returning a false positive.
- D. ICMP is being blocked by a firewall.
Answer: D
NEW QUESTION 30
A cybersecurity analyst needs to determine whether a large file named access log from a web server contains the following loC:
../../../../bin/bash
Which of the following commands can be used to determine if the string is present in the log?
- A. grep "../../../. ./bin/bash" < access.log
- B. echo access.log | grep "../../../../bin/bash"
- C. grep "../../../../bin/bash" 1 cat access.log
- D. cat access.log > grep "../../../ ../bin/bash"
Answer: A
NEW QUESTION 31
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:
Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?
- A. Server1
- B. PC2
- C. Server2
- D. Firewall
- E. PC1
Answer: B
NEW QUESTION 32
Drag and Drop Question
You suspect that multiple unrelated security events have occurred on several nodes on a corporate network. You must review all logs and correlate events when necessary to discover each security event by clicking on each node. Only select corrective actions if the logs shown a security event that needs remediation. Drag and drop the appropriate corrective actions to mitigate the specific security event occurring on each affected device.
Instructions:
The Web Server, Database Server, IDS, Development PC, Accounting PC and Marketing PC are clickable. Some actions may not be required and each actions can only be used once per node.
The corrective action order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.











Answer:
Explanation:











NEW QUESTION 33
An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?
- A. Set up a warm disaster recovery site with the same cloud provider in a different region
- B. Establish a hot site with active replication to another region within the same cloud provider.
- C. Duplicate all services in another instance and load balance between the instances.
- D. Configure the systems with a cold site at another cloud provider that can be used for failover.
Answer: A
NEW QUESTION 34
A security professional is analyzing the results of a network utilization report. The report includes the following information:
Which of the following servers needs further investigation?
- A. hr.dbprod.01
- B. R&D.file.srvr.01
- C. web.srvr.03
- D. mrktg.file.srvr.02
Answer: A
NEW QUESTION 35
The Chief Information Security Officer (CISO) asked for a topology discovery to be conducted and verified against the asset inventory. The discovery is failing and not providing reliable or complete data. The syslog shows the following information:
Which of the following describes the reason why the discovery is failing?
- A. The server running LDAP has antivirus deployed.
- B. The scanning tool lacks valid LDAP credentials.
- C. The connection to the LDAP server is timing out.
- D. The scan is returning LDAP error code 52255a.
- E. The LDAP server is configured on the wrong port.
Answer: B
NEW QUESTION 36
In reviewing firewall logs, a security analyst has discovered the following IP address, which several employees are using frequently:
152.100.57.18
The organization's servers use IP addresses in the 192.168.0.1/24 CIDR. Additionally, the analyst has noticed that corporate data is being stored at this new location. A few of these employees are on the management and executive management teams. The analyst has also discovered that there is no record of this IP address or service in reviewing the known locations of managing system assets. Which of the following is occurring in this scenario?
- A. Data exfiltration
- B. Malicious process
- C. Unauthorized access
- D. Unauthorized change
Answer: A
NEW QUESTION 37
A SIEM alert occurs with the following output:
Which of the following BEST describes this alert?
- A. The alert is valid because IP spoofing may be occurring on the network
- B. The alert is a false positive; both NICs are of the same brand
- C. The alert is a false positive; there is a device with dual NICs
- D. The alert is valid because there may be a rogue device on the network
Answer: A
NEW QUESTION 38
A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentially protection.
Which of the following is the BEST technical security control to mitigate this risk?
- A. Switch to the WPA2 protocol.
- B. Switch to 802 IX technology
- C. Switch to TACACS+ technology.
- D. Switch to RADIUS technology
Answer: C
NEW QUESTION 39
An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:
Which of the following should be the focus of the investigation?
- A. sftp.org-dmz.org
- B. webserver.org-dmz.org
- C. ftps.bluemed.net
- D. 83hht23.org-int.org
Answer: C
NEW QUESTION 40
A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command.
S sudo nc -1 -v -c maildemon . py 25 caplog, txt
Which of the following solutions did the analyst implement?
- A. Crontab mail script
- B. Log collector
- C. Snikhole
- D. Honeypot
Answer: B
NEW QUESTION 41
A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?
- A. Syslog
- B. Splunk
- C. OSSIM
- D. Kali
Answer: B
NEW QUESTION 42
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:
Tool B reported the following:
Which of the following BEST describes the method used by each tool? (Choose two.)
- A. Tool B is unauthenticated.
- B. Tool A used fuzzing logic to test vulnerabilities.
- C. Tool B utilized machine learning technology.
- D. Tool B is agent based.
- E. Tool A is agent based.
- F. Tool A is unauthenticated.
Answer: D,F
NEW QUESTION 43
A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session.
Which of the following is the BEST technique to address the CISO's concerns?
- A. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy.
Monitor the files for unauthorized changes. - B. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
- C. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
- D. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.
Answer: A
NEW QUESTION 44
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:
Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?
- A. Server1
- B. PC2
- C. Server2
- D. Firewall
- E. PC1
Answer: B
NEW QUESTION 45
......
Get CS0-002 Braindumps & CS0-002 Real Exam Questions: https://www.actual4test.com/CS0-002_examcollection.html
CompTIA CS0-002 Actual Questions and Braindumps: https://drive.google.com/open?id=1y7_1RdsvYAo1IC3vrVoqWCSfhD9dpzZD