CompTIA (CS0-002) Exam Questions And Answers page 1
A company is moving from the use of web servers hosted in an internal datacenter to a containerized cloud platform. An analyst has been asked to identify indicators of compromise in the containerized environment. Which of the following would BEST indicate a running container has been compromised?
An approved software orchestration container is running with root privileges
A container from an approved software image has stopped responding
A container from an approved software image fails to start
Security Operations and Monitoring
A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT?
Begin blocking all IP addresses within that subnet
Determine the attack vector and total attack surface
Begin a kill chain analysis to determine the impact
Conduct threat research on the IP addresses
Threat Management
An analyst performs a routine scan of a host using Nmap and receives the following output:
Which of the following should the analyst investigate FIRST?
Port 21
Port 22
Port 23
Port 80
Security Operations and Monitoring
A large software company wants to move its source control and deployment pipelines into a cloud-computing environment. Due to the nature of the business, management determines the recovery time objective needs to be within one hour. Which of the following strategies would put the company in the BEST position to achieve the desired recovery time?
Establish an alternate site with active replication to other regions
Configure a duplicate environment in the same region and load balance between both instances
Set up every cloud component with duplicated copies and auto-scaling turned on
Create a duplicate copy on premises that can be used for failover in a disaster situation
Security Operations and Monitoring
A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution.
Which of the following actions should the technician take to accomplish this task?
Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.
Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the email server.
Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.
Threat Management
An organization is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:
Which of the following is the order of priority for risk mitigation from highest to lowest?
A, B, C, D
A, D, B, C
B, C, A, D
C, B, D, A
D, A, C, B
Threat Management
Cyber Incident Response
A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached.
Which of the following risk actions has the security committee taken?
Risk exception
Risk avoidance
Risk tolerance
Risk acceptance
Cybersecurity Tool Sets
Compliance and Assessment
A security team identified some specific known tactics and techniques to help mitigate repeated credential access threats, such as account manipulation and brute forcing. Which of the following frameworks or models did the security team MOST likely use to identify the tactics and techniques?
MITRE ATT&CK
ITIL
Kill chain
Diamond Model of Intrusion Analysis
Threat Management
The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:
Which of the following should the organization consider investing in FIRST due to the potential impact of availability?
Hire a managed service provider to help with vulnerability management
Build a warm site in case of system outages
Invest in a failover and redundant system, as necessary
Hire additional staff for the IT department to assist with vulnerability management and log review
Threat Management
Security Operations and Monitoring
An analyst is participating in the solution analysis process for a cloud-hosted SIEM platform to centralize log monitoring and alerting capabilities in the SOC.
Which of the following is the BEST approach for supply chain assessment when selecting a vendor?
Gather information from providers, including datacenter specifications and copies of audit reports.
Identify SLA requirements for monitoring and logging.
Consult with senior management for recommendations.
Perform a proof of concept to identify possible solutions.
Cybersecurity Tool Sets
Compliance and Assessment