Updated Jul-2023 100% Cover Real CS0-002 Exam Questions Make Sure You 100% Pass [Q14-Q36]

Share

Updated Jul-2023 100% Cover Real CS0-002 Exam Questions Make Sure You 100% Pass

CS0-002 dumps Accurate Questions and Answers with Free and Fast Updates

NEW QUESTION # 14
Which of the following can detect vulnerable third-parly libraries before code deployment?

  • A. Static analysis
  • B. Dynamic analysis
  • C. Protocol analysis
  • D. Impact analysis

Answer: A

Explanation:
Static analysis is a method of analyzing the source code or binary code of an application without executing it. Static analysis can detect vulnerable third-party libraries before code deployment by scanning the code for references to known vulnerable libraries or versions and reporting any issues or risks12.
Impact analysis is a process of assessing the potential effects of a change on a system or service, such as performance, availability, security and compatibility. Impact analysis does not detect vulnerable third-party libraries before code deployment, but rather helps to evaluate and communicate the consequences of a change.
Dynamic analysis is a method of analyzing the behavior or performance of an application by executing it under various conditions or inputs. Dynamic analysis does not detect vulnerable third-party libraries before code deployment, but rather helps to identify any errors or defects that occur at runtime.
Protocol analysis is a method of examining the data exchanged between devices or applications over a network by capturing and interpreting the packets or messages. Protocol analysis does not detect vulnerable third-party libraries before code deployment, but rather helps to monitor and troubleshoot network communication.


NEW QUESTION # 15
The business has been informed of a suspected breach of customer data. The internal audit team, in conjunction with the legal department, has begun working with the cybersecurity team to validate the report. To which of the following response processes should the business adhere during the investigation?

  • A. The security analysts should not respond to internal audit requests during an active investigation
  • B. The security analysts should limit communication to trusted parties conducting the investigation
  • C. The security analysts should interview system operators and report their findings to the internal auditors
  • D. The security analysts should report the suspected breach to regulators when an incident occurs

Answer: B


NEW QUESTION # 16
The incident response team is working with a third-party forensic specialist to investigate the root cause of a recent intrusion An analyst was asked to submit sensitive network design details for review The forensic specialist recommended electronic delivery for efficiency but email was not an approved communication channel to send network details Which of the following BEST explains the importance of using a secure method of communication during incident response?

  • A. To prevent adversaries from intercepting response and recovery details
  • B. To ensure the management team has access to all the details that are being exchanged
  • C. To have a backup plan in case email access is disabled
  • D. To ensure intellectual property remains on company servers

Answer: A

Explanation:
To prevent adversaries from intercepting response and recovery details. Using a secure method of communication during incident response is important to prevent adversaries from intercepting response and recovery details that could reveal the incident response team's actions, strategies, or findings. If the adversaries can intercept the communication, they could use it to evade detection, escalate their privileges, or launch further attacks. To ensure intellectual property remains on company servers, to have a backup plan in case email access is disabled, or to ensure the management team has access to all the details that are being exchanged are other possible reasons to use a secure method of communication, but they are not as important as preventing adversaries from intercepting response and recovery details. Reference: https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901


NEW QUESTION # 17
An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.
Which of the following should the analyst do NEXT?

  • A. Inspect the permissions manifests within each application.
  • B. Compute SHA-256 hashes for each binary.
  • C. Encrypt the binaries using an authenticated AES-256 mode of operation.
  • D. Perform a factory reset on the affected mobile device.
  • E. Decompile each binary to derive the source code.

Answer: B


NEW QUESTION # 18
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
* TLS 1.2 is the only version of TLS running.
* Apache 2.4.18 or greater should be used.
* Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.




Answer:

Explanation:
See explanation below.
Explanation
Part 1 answer:
Check on the following:
AppServ1 is only using TLS.1.2
AppServ4 is only using TLS.1.2
AppServ1 is using Apache 2.4.18 or greater
AppServ3 is using Apache 2.4.18 or greater
AppServ4 is using Apache 2.4.18 or greater
Part 2 answer:
Recommendation:
Recommendation is to disable TLS v1.1 on AppServ2 and AppServ3. Also upgrade AppServ2 Apache to version 2.4.48 from its current version of 2.3.48


NEW QUESTION # 19
A security analyst inspects the header of an email that is presumed to be malicious and sees the following:

Which of the following is inconsistent with the rest of the header and should be treated as suspicious?

  • A. The sender's email address
  • B. The destination email server
  • C. The use of a TLS cipher
  • D. The subject line

Answer: B


NEW QUESTION # 20
Which of the following organizations would have to remediate embedded controller vulnerabilities?

  • A. Banking institutions
  • B. Regulatory agencies
  • C. Hydroelectric facilities
  • D. Public universities

Answer: C


NEW QUESTION # 21
A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the most appropriate product category for this purpose?

  • A. UEBA
  • B. SCAP
  • C. SOAR
  • D. WAF

Answer: A

Explanation:
UEBA stands for User and Entity Behavior Analytics, which is a category of security products that use machine learning and statistical analysis to identify malicious actions by users or entities on a network. UEBA products can detect anomalous or suspicious behaviors that deviate from normal patterns or baselines, such as data exfiltration, privilege escalation, unauthorized access, insider threats, or compromised accounts. UEBA products can also provide alerts, reports, or recommendations for response actions based on the detected behaviors.


NEW QUESTION # 22
An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?

  • A. Active response
  • B. Information-sharing community
  • C. Advanced antivirus
  • D. Threat hunting
  • E. Root-cause analysis

Answer: D


NEW QUESTION # 23
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

  • A. PC1
  • B. Server1
  • C. Firewall
  • D. PC2
  • E. Server2

Answer: D


NEW QUESTION # 24
A security analyst is reviewing the following DNS logs as part of security-monitoring activities:

Which of the following MOST likely occurred?

  • A. The attack used encryption to obfuscate the payload and bypass detection by an IDS.
  • B. The attack attempted to contact www.gooqle com to verify Internet connectivity.
  • C. The attack used an algorithm to generate command and control information dynamically.
  • D. The attack caused an internal host to connect to a command and control server.

Answer: D


NEW QUESTION # 25
A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session.
Which of the following is the BEST technique to address the CISO's concerns?

  • A. Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.
  • B. Place a legal hold on the files. Require authorized users to abide by a strict time context access policy.
    Monitor the files for unauthorized changes.
  • C. Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.
  • D. Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.

Answer: A


NEW QUESTION # 26
An analyst is searching a log for potential credit card leaks. The log stores all data encoded in hexadecimal. Which of the following commands will allow the security analyst to confirm the incident?

  • A. cat log | xxd -r -p egrep '(0-9) (16)'
  • B. cat log xxd -r -p | egrep ' [0-9] {16}
  • C. egrep '(3(0-9)) (16) ' log
  • D. egrep ' (0-9) (16) ' log | xxdc

Answer: A


NEW QUESTION # 27
A system administrator has reviewed the following output:

Which of the following can a system administrator infer from the above output?

  • A. The company is running a vulnerable SSH server.
  • B. The company email server is running a non-standard port.
  • C. The company web server has been compromised.
  • D. The company email server has been compromised.

Answer: B


NEW QUESTION # 28
A hacker issued a command and received the following response:

Which of the following describes what the hacker is attempting?

  • A. OS fingerprinting
  • B. Penetrating the system
  • C. Topology discovery
  • D. Performing a zombie scan

Answer: B


NEW QUESTION # 29
While observing several host machines, a security analyst notices a program is overwriting data to a buffer. Which of the following controls will best mitigate this issue?

  • A. Prepared statements
  • B. Data execution prevention
  • C. Output encoding
  • D. Parameterized queries

Answer: B

Explanation:
Data execution prevention (DEP) is a security feature that prevents code from being executed in memory regions that are marked as data-only. This helps mitigate buffer overflow attacks, which are a type of attack where a program overwrites data to a buffer beyond its allocated size, potentially allowing malicious code to be executed. DEP can be implemented at the hardware or software level and can prevent unauthorized code execution in memory buffers. Reference: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 10; https://docs.microsoft.com/en-us/windows/win32/memory/data-execution-prevention


NEW QUESTION # 30
After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?

  • A. Contact the vendor for the legacy application and request an updated version.
  • B. Apply visualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.
  • C. Create a proper DMZ for outdated components and segregate the JBoss server.
  • D. Make a backup of the server and update the JBoss server that is running on it.

Answer: C

Explanation:
Explanation
What is that application for? "The DMZ is a special network zone designed to house systems that receive connections from the outside world, such as web and email servers. Sound firewall designs place these systems on an isolated network where, if they become compromised, they pose little threat to the internal network because connections between the DMZ and the internal network must still pass through the firewall and are subject to its security policy"


NEW QUESTION # 31
An organization has specific technical nsk mitigation configurations that must be implemented before a new server can be approved for production Several critical servers were recently deployed with the antivirus missing unnecessary ports disabled and insufficient password complexity Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

  • A. Perform password-cracking attempts on all devices going into production
  • B. Perform automated security controls testing of expected configurations pnor to production
  • C. Perform an Nmap scan on all devices before they are released to production
  • D. Perform antivirus scans on all devices before they are approved for production

Answer: B

Explanation:
Automated security controls testing is a method that uses tools or scripts to verify that the security controls of a system or device are configured correctly and comply with the organization's policies and standards. Performing automated security controls testing of expected configurations prior to production would help prevent a recurrence of the risk exposure caused by missing antivirus, unnecessary ports enabled, and insufficient password complexity. Performing password-cracking attempts, Nmap scans, or antivirus scans on all devices before they are released to production are other methods that can help detect some security issues, but they are not as comprehensive or efficient as automated security controls testing. Reference: https://www.nist.gov/system/files/documents/2017/04/28/sp800-115.pdf


NEW QUESTION # 32
A security analyst is reviewing output from a CVE-based vulnerability scanner. Before conducting the scan, the analyst was careful to select only Windows-based servers in a specific datacenter.
The scan revealed that the datacenter includes 27 machines running Windows 2003 Server Edition (Win2003SE). In 2015, there were 36 new vulnerabilities discovered in the Win2003SE environment.
Which of the following statements are MOST likely applicable? (Choose two.)

  • A. The resulting report on the vulnerability scan should include some reference that the scan of the datacenter included 27 Win2003SE machines that should be scheduled for replacement and deactivation.
  • B. Third-party vendors have addressed all of the necessary updates and patches required by Win2003SE.
  • C. Remediation of all Win2003SE machines requires changes to configuration settings and compensating controls to be made through Microsoft Security Center's Win2003SE Advanced Configuration Toolkit.
  • D. Remediation is likely to require some form of compensating control.
  • E. Microsoft's published schedule for updates and patches for Win2003SE have continued uninterrupted.

Answer: A,C


NEW QUESTION # 33
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on me ticket to see the ticket details Additional content is available on tabs within the ticket First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from second drop-down menu If at any time you would like to bring back the initial state of the simulation, please click the Reset All button

Answer:

Explanation:


NEW QUESTION # 34
An incident response team is responding to a breach of multiple systems that contain Pll and PHI Disclosure of the incident to external entities should be based on:

  • A. the communication plan.
  • B. the public relations policy.
  • C. the responder's discretion.
  • D. the senior management team's guidance.

Answer: A

Explanation:
Explanation
The communication plan is an important part of incident response, as it outlines how and when information about the incident should be shared with external entities.
A communication plan is a set of procedures and protocols that define how an organization should communicate with external entities during times of emergency or security incident. The plan typically outlines how and when information about the incident should be shared, and ensures that any relevant stakeholders are informed of the incident in a timely manner. It also serves as a guide for determining what information to share with outside parties. Here is a link to an article from CompTIA's website about the importance of a communication plan for incident response for your reference:
https://www.comptia.org/content/incident-response-communication-plan


NEW QUESTION # 35
An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions. the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
* Successful administrator login reporting priority - high
* Failed administrator login reporting priority - medium
* Failed temporary elevated permissions - low
* Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following:
Which of the following events is the HIGHEST reporting priority?

  • A. Option B
  • B. Option C
  • C. Option D
  • D. Option A

Answer: D


NEW QUESTION # 36
......

Real CS0-002 Quesions Pass Certification Exams Easily: https://www.torrentvce.com/CS0-002-valid-vce-collection.html

Practice with these CS0-002 dumps Certification Sample Questions: https://drive.google.com/open?id=1A3Ao1h9VWhMM-Shw80aupRcWtgST5vYk