CompTIA CS0-002 Exam Practice Test Instant Access

Question 1

While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? (Select TWO).

AConfigure /etc/sshd_config to deny root logins and restart the SSHD service.

BAdd a rule on the network IPS to block SSH user sessions

CConfigure /etc/passwd to deny root logins and restart the SSHD service.

DReset the passwords for all accounts on the affected system.

EAdd a rule on the perimeter firewall to block the source IP address.

FAdd a rule on the affected system to block access to port TCP/22.

Answer : A, E

Question 2

An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident

triggers

Which of the following is a benefit of having these communication plans?

AThey can help to prevent the inadvertent release of damaging information outside the organization.

BThey can quickly inform the public relations team to begin coordinating with the media as soon as a breach is detected.

CThey can help to keep the organization's senior leadership informed about the status of patching during the recovery phase.

DThey can help to limit the spread of worms by coordinating with help desk personnel earlier in the recovery phase.

Answer : C

Question 3

A security analyst is generating a list of recommendations for the company's insecure API. Which of the following is the BEST parameter mitigation rec

AImplement parameterized queries.

BUse effective authentication and authorization methods.

CValidate all incoming data.

DUse TLs for all data exchanges.

Answer : D

Question 4

A security analyst needs to identify possible threats to a complex system a client is developing. Which of the following methodologies would BEST address this task?

AOpen Source Security Information Management (OSSIM)

BSoftware Assurance Maturity Model (SAMM)

COpen Web Application Security Project (OWASP)

DSpoofing, Tampering. Repudiation, Information disclosure. Denial of service, Elevation of privileges (STRIDE)

Answer : C

Question 5

An organization's network administrator uncovered a rogue device on the network that is emulating the charactenstics of a switch. The device is trunking protocols and inserting tagging va

the flow of traffic at the data link layer

Which of the following BEST describes this attack?

AVLAN hopping

BInjection attack

CSpoofing

DDNS pharming

Answer : A

Question 6

An organization is upgrading its network and all of its workstations The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network. Which of the following schedules BEST addresses these requirements?

AMonthly topology scans, biweekly host discovery scans, weekly vulnerability scans

BMonthly vulnerability scans, biweekly topology scans, daily host discovery scans

CMonthly host discovery scans; biweekly vulnerability scans, monthly topology scans

DMonthly topology scans, biweekly host discovery scans, monthly vulnerability scans

Answer : D

Question 7

An organization is experiencing issues with emails that are being sent to external recipients Incoming emails to the organization are working fine. A security analyst receives the following screenshot ot email error from the help desk.

The analyst the checks the email server and sees many of the following messages in the logs.

Error 550 - Message rejected

Which of the following is MOST likely the issue?

AThe DMARC queue is full

BSPF is failing.

CPort 25 is not open.

DThe DKIM private key has expired

Answer : B