Comptia (CS0-002) Exam Questions And Answers page 2
SIMULATION
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
" TLS 1.2 is the only version of TLS running.
" Apache 2.4.18 or greater should be used.
" Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.
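The simulation does not reproduce the scan data itself, so the following is an added example (not part of the exam page) showing how an analyst could mechanically check scan results against the three hardening guidelines. The scan records, host names and the service-to-default-port mapping are constructed assumptions for illustration; the check returns a finding with a recommendation for every guideline a server fails.

```python
# Added example: evaluate constructed scan records against the three hardening
# guidelines from the simulation (TLS 1.2 only, Apache >= 2.4.18, default ports only).
from dataclasses import dataclass

# Assumed mapping of service name -> the port treated as "default" for the guideline.
DEFAULT_PORTS = {"http": 80, "https": 443, "ssh": 22, "ftp": 21}
MIN_APACHE = (2, 4, 18)          # "Apache 2.4.18 or greater"
REQUIRED_TLS = {"TLSv1.2"}       # "TLS 1.2 is the only version of TLS running"


@dataclass
class Service:
    name: str
    port: int
    tls_versions: tuple = ()     # protocol versions the scanner saw enabled ("" -> not a TLS service)
    apache_version: str = ""     # empty when the service is not Apache


@dataclass
class Server:
    host: str
    services: list


def parse_version(text):
    """Turn '2.4.18' into (2, 4, 18) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def check_server(server):
    """Return a list of (guideline, recommendation) findings; an empty list means compliant."""
    findings = []
    for svc in server.services:
        # Guideline 1: TLS 1.2 must be the only enabled TLS version.
        if svc.tls_versions:
            extra = set(svc.tls_versions) - REQUIRED_TLS
            if extra:
                findings.append(("TLS 1.2 only",
                                 f"disable {', '.join(sorted(extra))} on {svc.name}/{svc.port}"))
            if not REQUIRED_TLS & set(svc.tls_versions):
                findings.append(("TLS 1.2 only", f"enable TLSv1.2 on {svc.name}/{svc.port}"))
        # Guideline 2: Apache version must be at least 2.4.18.
        if svc.apache_version and parse_version(svc.apache_version) < MIN_APACHE:
            findings.append(("Apache >= 2.4.18",
                             f"upgrade Apache {svc.apache_version} on port {svc.port}"))
        # Guideline 3: services must listen on their default port.
        default = DEFAULT_PORTS.get(svc.name)
        if default is not None and svc.port != default:
            findings.append(("default ports only",
                             f"move {svc.name} from port {svc.port} to {default}"))
    return findings


def compliance_report(servers):
    """Map each host to COMPLIANT / NON-COMPLIANT, the status the simulation asks for."""
    return {s.host: ("COMPLIANT" if not check_server(s) else "NON-COMPLIANT")
            for s in servers}


# Constructed scan records (not real data): one compliant host and two that fail.
SCAN = [
    Server("web-1", [Service("https", 443, ("TLSv1.2",), "2.4.41"),
                     Service("ssh", 22)]),
    Server("web-2", [Service("https", 8443, ("TLSv1.0", "TLSv1.2"), "2.4.6")]),
    Server("web-3", [Service("https", 443, ("TLSv1.1",), "2.4.18")]),
]

if __name__ == "__main__":
    for host, status in compliance_report(SCAN).items():
        print(host, status)
    for server in SCAN:
        for guideline, fix in check_server(server):
            print(f"  {server.host}: [{guideline}] {fix}")
```

Versions are compared as integer tuples so that 2.4.6 correctly sorts below 2.4.18 (a plain string comparison would get this wrong), and the TLS check reports both an unwanted extra version and a missing TLS 1.2 separately, since each needs a different recommendation.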
Cybersecurity Tool Sets
Compliance and Assessment
A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the BEST technique to address the CISO's concerns?
Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.
Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.
Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.
Threat Management
Cybersecurity Tool Sets
Management would like to make changes to the company's infrastructure following a recent incident in which a malicious insider was able to pivot to another workstation that had access to the server environment. Which of the following controls would work BEST to prevent this type of event from reoccurring?
EDR
DLP
NAC
IPS
Cyber Incident Response
Security Architecture and Tool Sets
A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http:///a.php in a phishing email.
To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the __________.
email server that automatically deletes attached executables.
IDS to match the malware sample.
proxy to block all connections to .
firewall to block connection attempts to dynamic DNS hosts.
Threat Management
Cyber Incident Response
A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is compromised. Which of the following would provide the BEST results?
Baseline configuration assessment
Uncredentialed scan
Network ping sweep
External penetration test
Threat Management
Cybersecurity Tool Sets
Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability.
Which of the following UEFI settings is the MOST likely cause of the infections?
Compatibility mode
Secure boot mode
Native mode
Fast boot mode
Threat Management
Cyber Incident Response
A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-in-the-middle attack. The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices. Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?
Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network
Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router
Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network
Conduct a wireless survey to determine if the wireless strength needs to be reduced
Cyber Incident Response
Security Operations and Monitoring
A security analyst needs to acquire evidence by cloning hard drives, which will then be acquired by a third-party forensic lab. The security analyst is concerned about modifying evidence on the hard drives. Which of the following should be the NEXT step to preserve the evidence?
Apply encryption over the data during the evidence collection process.
Create a file hash of the drive images and clones.
Use an encrypted USB stick to transfer the data from the hard drives.
Initiate a chain of custody document and ask the data owner to sign it.
Cyber Incident Response
A company's data is still being exfiltrated to business competitors after the implementation of a DLP solution. Which of the following is the most likely reason why the data is still being compromised?
Printed reports from the database contain sensitive information
DRM must be implemented with the DLP solution
Users are not labeling the appropriate data sets
DLP solutions are only effective when they are implemented with disk encryption
Threat Management
Cyber Incident Response
A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client. Which of the following is MOST likely inhibiting the remediation efforts?
The parties have an MOU between them that could prevent shutting down the systems
There is a potential disruption of the vendor-client relationship
Patches for the vulnerabilities have not been fully tested by the software vendor
There is an SLA with the client that allows very little downtime
Security Operations and Monitoring