Download CompTIA Cybersecurity Analyst.CS0-002.CertDumps.2023-11-24.298q.vcex

Vendor: CompTIA
Exam Code: CS0-002
Exam Name: CompTIA Cybersecurity Analyst
Date: Nov 24, 2023
File Size: 7 MB
Downloads: 10

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
A malicious hacker wants to gather guest credentials on a hotel 802.11 network. Which of the following tools is the malicious hacker going to use to gain access to information found on the hotel network?
  1. Nikto
  2. Aircrack-ng
  3. Nessus
  4. tcpdump
Correct answer: B
Question 2
A security analyst needs to identify possible threats to a complex system a client is developing. Which of the following methodologies would BEST address this task?
  1. Open Source Security Information Management (OSSIM)
  2. Software Assurance Maturity Model (SAMM)
  3. Open Web Application Security Project (OWASP)
  4. Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privileges (STRIDE)
Correct answer: C
Question 3
An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds. 
Which of the following can be inferred from this activity?
  1. 10.200.2.0/24 is infected with ransomware.
  2. 10.200.2.0/24 is not routable address space. 
  3. 10.200.2.5 is a rogue endpoint.
  4. 10.200.2.5 is exfiltrating data.
Correct answer: D
Question 4
A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month. The affected servers are virtual machines. Which of the following is the BEST course of action?
  1. Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses, determine the root cause, remediate, and report.
  2. Report the data exfiltration to management, take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.
  3. Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate.
  4. Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltration, fix any vulnerabilities, remediate, and report.
Correct answer: A
Question 5
A security analyst is reviewing the following log entries to identify anomalous activity:
    
Which of the following attack types is occurring?
  1. Directory traversal
  2. SQL injection
  3. Buffer overflow 
  4. Cross-site scripting
Correct answer: A
Question 6
An organization recently discovered some inconsistencies in the motherboards it received from a vendor. The organization's security team then provided guidance on how to ensure the authenticity of the motherboards it received from vendors. 
Which of the following would be the BEST recommendation for the security analyst to provide?
  1. The organization should evaluate current NDAs to ensure enforceability of legal actions.
  2. The organization should maintain the relationship with the vendor and enforce vulnerability scans.
  3. The organization should ensure all motherboards are equipped with a TPM.
  4. The organization should use a certified, trusted vendor as part of the supply chain.
Correct answer: D
Question 7
A newly appointed Chief Information Security Officer (CISO) has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?
  1. Risk response
  2. Risk analysis
  3. Planning 
  4. Oversight
  5. Continuous monitoring
Correct answer: A
Question 8
A security manager has asked an analyst to provide feedback on the results of a penetration test. After reviewing the results, the manager requests information regarding the possible exploitation of vulnerabilities. Which of the following information data points would be MOST useful for the analyst to provide to the security manager, who would then communicate the risk factors to senior management? (Select TWO).
  1. Probability
  2. Adversary capability
  3. Attack vector
  4. Impact
  5. Classification
  6. Indicators of compromise
Correct answer: AD
Question 9
While investigating an incident in a company's SIEM console, a security analyst found hundreds of failed SSH login attempts, which all occurred in rapid succession. The failed attempts were followed by a successful login on the root user. Company policy allows systems administrators to manage their systems only from the company's internal network using their assigned corporate logins. Which of the following are the BEST actions the analyst can take to stop any further compromise? (Select TWO).
  1. Configure /etc/sshd_config to deny root logins and restart the SSHD service.
  2. Add a rule on the network IPS to block SSH user sessions.
  3. Configure /etc/passwd to deny root logins and restart the SSHD service.
  4. Reset the passwords for all accounts on the affected system.
  5. Add a rule on the perimeter firewall to block the source IP address.
  6. Add a rule on the affected system to block access to port TCP/22.
Correct answer: D
Question 10
An organization's Chief Information Security Officer (CISO) has asked department leaders to coordinate on communication plans that can be enacted in response to different cybersecurity incident triggers.
Which of the following is a benefit of having these communication plans?
  1. They can help to prevent the inadvertent release of damaging information outside the organization.
  2. They can quickly inform the public relations team to begin coordinating with the media as soon as a breach is detected.
  3. They can help to keep the organization's senior leadership informed about the status of patching during the recovery phase.
  4. They can help to limit the spread of worms by coordinating with help desk personnel earlier in the recovery phase.
Correct answer: C