CompTIA (CS0-002) Exam Questions And Answers page 8

An analyst has received a notification about potential malicious activity against a web server. The analyst logs in to a central log collection server and runs the following command: cat access.log.1 | grep union. The output shown below appears:

<68.71.54.117> [31/Jan/2020:10:02:31 0400] Get /cgi-bin/backend1.sh?id=%20union%20select%20192.168.60.50 HTTP/1.1

Which of the following attacks has occurred on the server?
Threat Management Cyber Incident Response
A security analyst is required to stay current with the most recent threat data and intelligence reports. When gathering data, it is MOST important for the data to be:
Threat Management
Given the Nmap request below:


Which of the following actions will an attacker be able to initiate directly against this host?
Security Architecture and Tool Sets Cybersecurity Tool Sets
During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user:


Which of the following commands should the analyst investigate FIRST?
Security Architecture and Tool Sets Cybersecurity Tool Sets
An organization wants to mitigate against risks associated with network reconnaissance. ICMP is already blocked at the firewall; however, a penetration testing team has been able to perform reconnaissance against the organization's network and identify active hosts. An analyst sees the following output from a packet capture:


Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?
Security Architecture and Tool Sets Security Operations and Monitoring
A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:



Which of the following technologies would MOST likely be used to prevent this phishing attempt?
Threat Management Cyber Incident Response
A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.

Which of the following solutions would meet this requirement?
Threat Management Cybersecurity Tool Sets
An analyst performs a routine scan of a host using Nmap and receives the following output:


Which of the following should the analyst investigate FIRST?
Security Operations and Monitoring
A security analyst is supporting an embedded software team. Which of the following is the BEST recommendation to ensure proper error handling at runtime?
Security Operations and Monitoring
During an investigation, an analyst discovers the following rule in an executive's email client:

IF * TO THEN mailto:
SELECT FROM sent THEN DELETE FROM

The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?
Security Operations and Monitoring