Comptia (CS0-002) Exam Questions And Answers page 11
While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security.
To provide the MOST secure access model in this scenario, the jumpbox should be __________.
placed on the ICS network with a static firewall rule that allows IT network resources to authenticate.
bridged between the IT and operational technology networks to allow authenticated access.
placed on the IT side of the network, authenticated, and tunneled into the ICS environment.
Security Architecture and Tool Sets
Security Operations and Monitoring
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
Which of the following MOST likely explains how the clients' accounts were compromised?
The clients' authentication tokens were impersonated and replayed.
The clients' usernames and passwords were transmitted in cleartext.
An XSS scripting attack was carried out on the server.
A SQL injection attack was carried out on the server.
Threat Management
Cyber Incident Response
A small marketing firm uses many SaaS applications that hold sensitive information. The firm has discovered terminated employees are retaining access to systems for many weeks after their end date. Which of the following would BEST resolve the issue of lingering access?
Perform weekly manual reviews on system access to uncover any issues.
Set up a privileged access management tool that can fully manage privileged account access.
Implement MFA on cloud-based systems.
Configure federated authentication with SSO on cloud provider systems.
Threat Management
Cybersecurity Tool Sets
A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page. After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication.
Which of the following will remediate this software vulnerability?
Enforce unique session IDs for the application.
Deploy a WAF in front of the web application.
Check for and enforce the proper domain for the redirect.
Use a parameterized query to check the credentials.
Implement email filtering with anti-phishing protection.
Cyber Incident Response
Cybersecurity Tool Sets
An analyst is reviewing the following code output of a vulnerability scan:
Which of the following types of vulnerabilities does this MOST likely represent?
An XSS vulnerability
An HTTP response split vulnerability
A credential bypass vulnerability
A carriage-return, line-feed vulnerability
Security Architecture and Tool Sets
Cybersecurity Tool Sets
SIMULATION
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
- TLS 1.2 is the only version of TLS running.
- Apache 2.4.18 or greater should be used.
- Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.
Cybersecurity Tool Sets
Compliance and Assessment
A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement:
federated authentication
role-based access control
manual account reviews
multifactor authentication
Threat Management
Cybersecurity Tool Sets
A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:
The analyst uses the vendor's website to confirm the oldest supported version is correct.
Which of the following BEST describes the situation?
This is a false positive, and the scanning plugin needs to be updated by the vendor.
This is a true negative, and the new computers have the correct version of the software.
This is a true positive, and the new computers were imaged with an old version of the software.
This is a false negative, and the new computers need to be updated by the desktop team.
Threat Management
Cybersecurity Tool Sets
An organization that uses SPF has been notified emails sent via its authorized third-party partner are getting rejected. A security analyst reviews the DNS entry and sees the following:
v=spf1 ip4:180.10.6.5 ip4:180.10.6.10 include:robustmail.com all
The organization's primary mail server IP is 180.10.6.6, and the secondary mail server IP is 180.10.6.5. The organization's third-party mail provider is Robust Mail with the domain name robustmail.com. Which of the following is the MOST likely reason for the rejected emails?
SPF version 1 does not support third-party providers.
The primary and secondary email server IP addresses are out of sequence.
An incorrect IP version is being used.
The wrong domain name is in the SPF record.
Threat Management
Security Architecture and Tool Sets
A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:
Which of the following should the analyst review to find out how the data was exfiltrated?
Monday's logs
Tuesday's logs
Wednesday's logs
Thursday's logs
Cyber Incident Response
Cybersecurity Tool Sets