[MAR 2021] CompTIA CS0-002 exam dumps and online practice questions are available from Lead4Pass

The latest updated CompTIA CS0-002 exam dumps and free CS0-002 exam practice questions and answers! Latest updates from Lead4Pass CompTIA CS0-002 Dumps PDF and CS0-002 Dumps VCE, Lead4Pass CS0-002 exam questions updated and answers corrected!
Get the full CompTIA CS0-002 dumps from https://www.leads4pass.com/cs0-002.html (VCE&PDF)

Latest CS0-002 PDF for free

Share the CompTIA CS0-002 Dumps PDF for free From Lead4pass CS0-002 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/1XuTVvaCEqjkY-h0L_DQCfSH1B_Y061Sd/

The latest updated CompTIA CS0-002 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating
systems.
As part of the management response phase of the audit, which of the following would BEST demonstrate senior
management is appropriately aware of and addressing the issue?
A. Copies of prior audits that did not identify the servers as an issue
B. Project plans relating to the replacement of the servers that were approved by management
C. Minutes from meetings in which risk assessment activities addressing the servers were discussed
D. ACLs from perimeter firewalls showing blocked access to the servers
E. Copies of change orders relating to the vulnerable servers
Correct Answer: C

QUESTION 2
A security analyst is responding to an incident on a web server on the company network that is making a large number
of outbound requests over DNS Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise\\’?
A. Run an anti-malware scan on the system to detect and eradicate the current threat
B. Start a network capture on the system to look into the DNS requests to validate command and control traffic.
C. Shut down the system to prevent further degradation of the company network
D. Reimage the machine to remove the threat completely and get back to a normal running state.
E. Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.
Correct Answer: A

QUESTION 3
An analyst has been asked to provide feedback regarding the controls required by a revised regulatory framework. At
this time, the analyst only needs to focus on the technical controls.
Which of the following should the analyst provide an assessment of?
A. Tokenization of sensitive data
B. Establishment of data classifications
C. Reporting on data retention and purging activities
D. Formal identification of data ownership
E. Execution of NDAs
Correct Answer: A

QUESTION 4
A security analyst is reviewing the following log entries to identify anomalous activity:[2021.3] lead4pass cs0-002 practice test q4

Which of the following attack types is occurring?
A. Directory traversal
B. SQL injection
C. Buffer overflow
D. Cross-site scripting
Correct Answer: A

QUESTION 5
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the
following output:[2021.3] lead4pass cs0-002 practice test q5

Which of the following commands should the administrator run NEXT to further analyze the compromised system?
A. strace /proc/1301
B. rpm -V openash-server
C. /bin/la -1 /proc/1301/exe
D. kill -9 1301
Correct Answer: A

QUESTION 6
A security analyst is investigating a system compromise. The analyst verifies the system was up to date on OS patches
at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely
exploited?
A. Insider threat
B. Buffer overflow
C. Advanced persistent threat
D. Zero-day
Correct Answer: D

QUESTION 7
An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst
identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources
will BEST help the analyst to determine whether this event constitutes an incident?
A. Patching logs
B. Threat feed
C. Backup logs
D. Change requests
E. Data classification matrix
Correct Answer: E

QUESTION 8
An analyst identifies multiple instances of node-to-node communication between several endpoints within the
10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address
10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP
addresses that have recently appeared on threat feeds.
Which of the following can be inferred from this activity?
A. 10.200.2.0/24 is infected with ransomware.
B. 10.200.2.0/24 is not routable address space.
C. 10.200.2.5 is a rogue endpoint.
D. 10.200.2.5 is exfiltrating data.
Correct Answer: D

QUESTION 9
Which of the following BEST describes the process by which code is developed, tested, and deployed in small
batches?
A. Agile
B. Waterfall
C. SDLC
D. Dynamic code analysis
Correct Answer: C
Reference: https://www.cleverism.com/software-development-life-cycle-sdlc-methodologies/

QUESTION 10
A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the following should the
cybersecurity analysts do FIRST?
A. Apply the required patches to remediate the vulnerability.
B. Escalate the incident to senior management for guidance.
C. Disable all privileged user accounts on the network.
D. Temporarily block the attacking IP address.
Correct Answer: A
Reference: https://beyondsecurity.com/scan-pentest-network-vulnerabilities-snmp-protocol-version-detection.html

QUESTION 11
As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to
perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal
liability and fines associated with data privacy. Based on the CISO\\’s concerns, the assessor will MOST likely focus on:
A. qualitative probabilities.
B. quantitative probabilities.
C. qualitative magnitude.
D. quantitative magnitude.
Correct Answer: D

QUESTION 12
The security team at a large corporation is helping the payment-processing team to prepare for a regulatory compliance
audit and meet the following objectives:
1.
Reduce the number of potential findings by the auditors.
2.
Limit the scope of the audit to only devices used by the payment-processing team for activities directly impacted by the
regulations.
3.
Prevent the external-facing web infrastructure used by other teams from coming into the scope.
4.
Limit the amount of exposure the company will face if the systems used by the payment-processing team are
compromised.
Which of the following would be the MOST effective way for the security team to meet these objectives?
A. Limit the permissions to prevent other employees from accessing data owned by the business unit.
B. Segment the servers and systems used by the business unit from the rest of the network.
C. Deploy patches to all servers and workstations across the entire organization.
D. Implement full-disk encryption on the laptops used by employees of the payment-processing team.
Correct Answer: B

QUESTION 13
When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap
commands BEST accomplishes that goal?
A. Nmap -SA -O -noping
B. Nmap -sT -O -P0
C. Nmap -sS -O -P0
D. Nmap -SQ -O -P0
Correct Answer: C


Fulldumps shares the latest updated CompTIA CS0-002 exam exercise questions, CS0-002 dumps pdf for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full CompTIA CS0-002 exam dumps questions at https://www.leads4pass.com/cs0-002.html (pdf&vce)

ps.
Get free CompTIA CS0-002 dumps PDF online: https://drive.google.com/file/d/1XuTVvaCEqjkY-h0L_DQCfSH1B_Y061Sd/