CompTIA (CS0-002) Exam Questions and Answers, page 1

A company is moving from the use of web servers hosted in an internal datacenter to a containerized cloud platform. An analyst has been asked to identify indicators of compromise in the containerized environment. Which of the following would BEST indicate a running container has been compromised?
Security Operations and Monitoring
A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT?
Threat Management
An analyst performs a routine scan of a host using Nmap and receives the following output:


Which of the following should the analyst investigate FIRST?
Security Operations and Monitoring
A large software company wants to move its source control and deployment pipelines into a cloud-computing environment. Due to the nature of the business, management determines the recovery time objective needs to be within one hour. Which of the following strategies would put the company in the BEST position to achieve the desired recovery time?
Security Operations and Monitoring
A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution.

Which of the following actions should the technician take to accomplish this task?
Threat Management
An organization is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:


Which of the following is the order of priority for risk mitigation from highest to lowest?
Threat Management Cyber Incident Response
A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached.

Which of the following risk actions has the security committee taken?
Cybersecurity Tool Sets Compliance and Assessment
A security team identified some specific known tactics and techniques to help mitigate repeated credential access threats, such as account manipulation and brute forcing. Which of the following frameworks or models did the security team MOST likely use to identify the tactics and techniques?
Threat Management
The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:


Which of the following should the organization consider investing in FIRST due to the potential impact of availability?
Threat Management Security Operations and Monitoring
An analyst is participating in the solution analysis process for a cloud-hosted SIEM platform to centralize log monitoring and alerting capabilities in the SOC.

Which of the following is the BEST approach for supply chain assessment when selecting a vendor?
Cybersecurity Tool Sets Compliance and Assessment