[Q86-Q108] Accurate & Verified 2024 New CS0-002 Answers As Experienced in the Actual Test!

NEW QUESTION # 86
A security analyst recently observed evidence of an attack against a company's web server. The analyst investigated the issue but was unable to find an exploit that adequately explained the observations.
Which of the following is the MOST likely cause of this issue?

  • A. The security analyst has potentially found a zero-day vulnerability that has been exploited.
  • B. The security analyst has encountered a polymorphic piece of malware.
  • C. The security analyst needs more training on threat hunting and research.
  • D. The security analyst needs updated forensic analysis tools.

Answer: A

Explanation:
When an analyst has solid evidence of an attack but no known exploit or published vulnerability accounts for the observed behaviour, the most likely explanation is a zero-day: a flaw that is not yet publicly known and for which no patch or detection signature exists. Signature-based tools will not catch it, so the analyst should preserve the evidence, contain the affected host, hunt for the same indicators on other systems and work toward confirming and mitigating the underlying flaw. The other options describe analyst or tooling shortcomings, which would not explain a consistent set of attack observations on the server.


NEW QUESTION # 87
A custom script currently monitors real-time logs of a SAML authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

  • A. Log data may be visible to other customers.
  • B. Logs may contain incorrect information.
  • C. Access to logs may be delayed for some time.
  • D. SAML logging is not supported for cloud-based authentication.

Answer: C

Explanation:
The script depends on seeing authentication events as they happen. A cloud identity provider delivers logs through its own portal, API or export pipeline on its own schedule, so the script may receive events minutes or hours late and lose its ability to react to a brute-force attack in progress. Reputable providers isolate each tenant's logs from other customers, cloud identity providers do log SAML events, and log accuracy is not a concern specific to moving to the cloud.


NEW QUESTION # 88
The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide.
Which of the following controls would BEST protect the service?

  • A. Blacklisting unauthorized IP addresses
  • B. Whitelisting authorized IP addresses
  • C. Enforcing more complex password requirements
  • D. Establishing a sinkhole service

Answer: B

Explanation:
Whitelisting (allow-listing) the source addresses that are authorized to use the SFTP service shrinks the exposed surface to known peers; every other connection is dropped before it reaches the authentication stage. Blacklisting hundreds of changing addresses worldwide is reactive and never complete, stronger passwords only slow the guessing down, and a sinkhole redirects traffic rather than protecting the service itself.


NEW QUESTION # 89
A security analyst wants to confirm a finding from a penetration test report on the internal web server. To do so, the analyst logs into the web server using SSH to send the request locally. The report provides a link to https://hrserver.internal/../../etc/passwd, and the server IP address is
10.10.10.15. However, after several attempts, the analyst cannot get the file, despite attempting to get it using different ways, as shown below.

Which of the following would explain this problem? (Choose two.)

  • A. The web server uses SNI to check for a domain name
  • B. Requests can only be sent remotely to the web server
  • C. The password file is write protected
  • D. The web service has not started

Answer: A,C


NEW QUESTION # 90
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

  • A. Data is being exfiltrated over DNS.
  • B. The system is running a DoS attack against ajgidwle.com.
  • C. Malware is attempting to beacon to 128.50.100.3.
  • D. The system is scanning ajgidwle.com for PII.

Answer: A
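The conclusion above rests on a pattern that can be checked mechanically: data tunnelled out over DNS has to be encoded into the query name, so the compromised host issues a stream of unique, long, random-looking subdomains under one attacker domain. The following Python is an added example (not code from the page) that applies that heuristic to DNS query log lines; the log format, the sample lines and the thresholds are constructed for the example.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not the packet capture from the question).
# Assumed format per line: "<time> <client_ip> <query_name> <qtype>"
SAMPLE_DNS_LOG = """\
10:00:01 192.168.1.20 www.example.com A
10:00:02 192.168.1.20 0123456789abcdef0123456789abcdef.ajgidwle.com TXT
10:00:02 192.168.1.20 fedcba9876543210fedcba9876543210.ajgidwle.com TXT
10:00:03 192.168.1.20 cdn1.example.com A
10:00:03 192.168.1.20 02468ace13579bdf02468ace13579bdf.ajgidwle.com TXT
10:00:04 192.168.1.20 cdn2.example.com A
10:00:04 192.168.1.20 fdb97531eca8642013579bdf02468ace.ajgidwle.com TXT
10:00:05 192.168.1.20 cdn3.example.com A
"""


def shannon_entropy(label):
    """Bits of entropy per character: encoded data scores high, real words score low."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(qname):
    """Registrable domain approximated as the last two labels (no public-suffix list here)."""
    parts = qname.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def parse_dns_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, client, qname, qtype = line.split()
        records.append({"time": time, "client": client, "qname": qname.lower(), "qtype": qtype})
    return records


def find_dns_exfiltration(records, min_distinct=3, min_label_len=20, min_entropy=3.0):
    """Flag (client, domain) pairs whose leftmost labels are numerous, long and high-entropy.

    Each exfiltrated chunk becomes a unique subdomain that looks random; CDN-style
    names such as cdn1/cdn2 are short and low-entropy and stay below the thresholds.
    """
    grouped = defaultdict(set)
    for r in records:
        grouped[(r["client"], base_domain(r["qname"]))].add(r["qname"].split(".")[0])
    findings = []
    for (client, domain), labels in grouped.items():
        if len(labels) < min_distinct:
            continue
        mean_len = sum(len(l) for l in labels) / len(labels)
        mean_entropy = sum(shannon_entropy(l) for l in labels) / len(labels)
        if mean_len >= min_label_len and mean_entropy >= min_entropy:
            findings.append({"client": client, "domain": domain,
                             "distinct_labels": len(labels),
                             "mean_label_len": mean_len,
                             "mean_entropy": round(mean_entropy, 2)})
    return findings


if __name__ == "__main__":
    for finding in find_dns_exfiltration(parse_dns_log(SAMPLE_DNS_LOG)):
        print(finding)
```

Only the ajgidwle.com group is flagged; example.com has four distinct labels too, but they are short and predictable. In practice the thresholds need tuning against a baseline, and TXT or NULL query types and the total bytes carried in names per hour are useful extra signals.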


NEW QUESTION # 91
Portions of a legacy application are being refactored to discontinue the use of dynamic SQL. Which of the following would be BEST to implement in the legacy application?

  • A. Multifactor authentication
  • B. SQL injection
  • C. Input validation
  • D. Parameterized queries
  • E. Web-application firewall

Answer: D

Explanation:
Parameterized (prepared) queries send the SQL statement and the user-supplied values to the database separately, so a value can never be interpreted as SQL syntax; that is exactly what replacing dynamic SQL means. Input validation and a web-application firewall are worthwhile defense in depth but do not remove the underlying flaw, multifactor authentication has nothing to do with query construction, and SQL injection is the attack being prevented, not a control.
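To make the difference concrete, here is an added example in Python with sqlite3 (not code from the page or from any real legacy application): the dynamic-SQL pattern being retired, its parameterized replacement, and the one case parameters cannot cover, an ORDER BY column chosen by the caller, which is handled with an allow-list. The table and rows are constructed for the example.

```python
import sqlite3


def build_demo_db():
    """Constructed demo schema; not the legacy application's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, username TEXT, bonus INTEGER)")
    conn.executemany("INSERT INTO employees (username, bonus) VALUES (?, ?)",
                     [("alice", 1000), ("bob", 1500), ("carol", 700)])
    conn.commit()
    return conn


def lookup_bonus_dynamic_sql(conn, username):
    """The legacy pattern: INSECURE. The value is spliced into the SQL text, so a
    crafted username such as  x' OR '1'='1  is parsed as SQL and returns every row."""
    query = "SELECT username, bonus FROM employees WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_bonus_parameterized(conn, username):
    """The refactored version. Statement and value travel separately; the driver
    binds the value, so quotes inside it are data, never syntax."""
    return conn.execute(
        "SELECT username, bonus FROM employees WHERE username = ?", (username,)
    ).fetchall()


# Identifiers (table and column names) cannot be bound as parameters, which is the
# usual reason legacy code built SQL dynamically. Map caller input to a fixed allow-list
# and only ever splice the allow-listed value into the statement.
SORTABLE_COLUMNS = {"username": "username", "bonus": "bonus"}


def list_bonuses_sorted(conn, sort_by):
    column = SORTABLE_COLUMNS.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column: %r" % (sort_by,))
    return conn.execute("SELECT username, bonus FROM employees ORDER BY " + column).fetchall()


if __name__ == "__main__":
    conn = build_demo_db()
    payload = "x' OR '1'='1"
    print("dynamic SQL   :", lookup_bonus_dynamic_sql(conn, payload))
    print("parameterized :", lookup_bonus_parameterized(conn, payload))
```

The same payload dumps the whole table through the dynamic query and returns nothing through the parameterized one, because no employee is literally named `x' OR '1'='1`. When refactoring, search the code base for string concatenation and format calls that feed `execute()`; every one of them is either a bind parameter or an allow-list lookup after the change.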


NEW QUESTION # 92
During a quarterly review of user accounts and activity, a security analyst noticed that after a password reset the head of human resources has been logging in from multiple locations, including several overseas. Further review of the account showed access rights to a number of corporate applications, including a sensitive accounting application used for employee bonuses.
Which of the following security methods could be used to mitigate this risk?

  • A. RADIUS identity management
  • B. Privilege escalation restrictions
  • C. Elimination of self-service password resets
  • D. Context-based authentication

Answer: D
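Context-based authentication means the login decision uses more than the password: where the request comes from, how it compares with the user's recent activity, and whether a step-up (a second factor) should be demanded. The Python below is an added example, not code from the page or from any product, that makes that decision from a constructed list of login events using the two checks most relevant to the scenario above: impossible travel between consecutive logins and a change of country. Coordinates, timestamps and user names are constructed; the 1000 km/h ceiling is an assumed tuning value.

```python
import math
from datetime import datetime

# Constructed login events (UTC time, user, country, latitude, longitude);
# not the account-review data from the question.
LOGIN_EVENTS = [
    ("2024-03-04T08:05:00", "hr.head", "US", 40.71, -74.01),
    ("2024-03-04T09:10:00", "hr.head", "DE", 52.52, 13.41),
    ("2024-03-04T17:30:00", "hr.head", "US", 40.71, -74.01),
    ("2024-03-04T08:00:00", "analyst1", "US", 40.71, -74.01),
    ("2024-03-05T08:00:00", "analyst1", "US", 40.71, -74.01),
]

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 1000.0   # faster than an airliner: treat as impossible travel


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def decide(event, previous):
    """Context-based decision for one login given the same user's previous login.

    Returns ("allow", reason) or ("step_up", reason). step_up means the password
    alone does not grant the session and a second factor is demanded.
    """
    if previous is None:
        return "allow", "no prior login to compare against"
    hours = (datetime.fromisoformat(event[0]) - datetime.fromisoformat(previous[0])).total_seconds() / 3600.0
    km = haversine_km(previous[3], previous[4], event[3], event[4])
    if hours <= 0:
        return "step_up", "out-of-order or simultaneous login"
    if km / hours > MAX_PLAUSIBLE_SPEED_KMH:
        return "step_up", "impossible travel: %.0f km in %.1f h (%s -> %s)" % (km, hours, previous[2], event[2])
    if event[2] != previous[2]:
        return "step_up", "new country %s (previous %s)" % (event[2], previous[2])
    return "allow", "consistent with previous login"


def evaluate_logins(events):
    """Run every login through decide() in time order, per user."""
    last_seen = {}
    decisions = []
    for event in sorted(events, key=lambda e: (e[1], e[0])):
        action, reason = decide(event, last_seen.get(event[1]))
        decisions.append((event[0], event[1], action, reason))
        last_seen[event[1]] = event
    return decisions


if __name__ == "__main__":
    for time, user, action, reason in evaluate_logins(LOGIN_EVENTS):
        print("%s %-9s %-8s %s" % (time, user, action, reason))
```

The HR account's second login (New York to Berlin in 65 minutes) trips the speed check, and the return to the US later that day trips the country check; the analyst's two logins from one place are allowed. A real deployment would also raise the bar for a window after a password reset, since that is when a stolen or social-engineered credential is most likely to be used.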


NEW QUESTION # 93
A hacker issued a command and received the following response:

Which of the following describes what the hacker is attempting?

  • A. Penetrating the system
  • B. OS fingerprinting
  • C. Performing a zombie scan
  • D. Topology discovery

Answer: A


NEW QUESTION # 94
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:

To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and ________.

  • A. DST 138.10.2.5.
  • B. DST 138.10.25.5.
  • C. DST 172.10.3.5.
  • D. DST 175.35.20.5.
  • E. DST 172.10.45.5.

Answer: A


NEW QUESTION # 95
Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?

  • A. Code of conduct policy
  • B. Acceptable use policy
  • C. Password policy
  • D. Account management policy

Answer: B


NEW QUESTION # 96
In web application scanning, static analysis refers to scanning:

  • A. an application that is installed and active on a system.
  • B. the compiled code of the application to detect possible issues.
  • C. an application that is installed on a system that is assigned a static IP.
  • D. the system for vulnerabilities before installing the application.

Answer: B

Explanation:
Static analysis is performed on the application's source or compiled code without executing it, before the application is installed and running on a system, to identify potential vulnerabilities or insecure constructs.
As the CySA+ CS0-002 study guide puts it: static analysis is conducted by reviewing the code for an application. It does not run the program; instead it focuses on how the program is written and what the code is intended to do. Dynamic analysis, by contrast, exercises the running application.


NEW QUESTION # 97
A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party, mail.marketing.com. Below is the existing SPF record:
v=spf1 a mx -all
Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?

  • A. v=spf1 a mx include:mail.marketing.com ~all
  • B. v=spf1 a mx include:mail.marketing.com -all
  • C. v=spf1 a mx +all
  • D. v=spf1 a mx redirect:mail.marketing.com ?all

Answer: A

Explanation:
include:mail.marketing.com makes the third party's own SPF record part of the company's, so mail it sends on the company's behalf passes the check. ~all (soft fail) is the conservative choice while the new record is being validated: unlisted sources are marked suspicious rather than rejected outright, which is why it is preferred over -all here. +all authorizes every sender on the Internet and defeats the purpose of SPF. redirect is a modifier written redirect=domain, not a mechanism, so redirect:mail.marketing.com is malformed, and a redirect would in any case replace the existing a and mx terms rather than add to them.
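To see how a receiving mail server would treat each candidate record, here is an added example (not code from the page): a small SPF evaluator in Python covering the a, mx, ip4, include and all mechanisms and the redirect= modifier, run against constructed DNS data. The IP addresses, the MX host and the third party's own SPF record are assumptions made for the example; ip6, exists, ptr and CIDR suffixes on a/mx are not implemented, and a real receiver would also enforce the RFC 7208 lookup limits.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (not the company's zone).
CONSTRUCTED_DNS = {
    "example.com": {"A": ["203.0.113.10"], "MX": ["mx.example.com"], "TXT": []},
    "mx.example.com": {"A": ["203.0.113.20"]},
    "mail.marketing.com": {"TXT": ["v=spf1 ip4:198.51.100.0/24 -all"]},
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _lookup(dns, name, rtype):
    return dns.get(name, {}).get(rtype, [])


def _ip_in(ip, network):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(network, strict=False)


def evaluate_spf(sender_ip, domain, dns, depth=0):
    """Minimal check_host(): returns pass, fail, softfail, neutral, none or permerror."""
    if depth > 10:                         # crude stand-in for the RFC 7208 lookup limit
        return "permerror"
    records = [t for t in _lookup(dns, domain, "TXT") if t.startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    redirect = None
    for term in records[0].split()[1:]:
        if "=" in term.split(":")[0]:      # modifier, e.g. redirect=other.example
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                redirect = value
            continue                       # unknown modifiers are ignored
        qualifier = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = _ip_in(sender_ip, arg)
        elif mech == "a":
            matched = any(_ip_in(sender_ip, a) for a in _lookup(dns, arg or domain, "A"))
        elif mech == "mx":
            matched = any(_ip_in(sender_ip, a)
                          for mx in _lookup(dns, arg or domain, "MX")
                          for a in _lookup(dns, mx, "A"))
        elif mech == "include":
            matched = evaluate_spf(sender_ip, arg, dns, depth + 1) == "pass"
        else:                              # "redirect:host" lands here: not a mechanism
            return "permerror"
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    if redirect:                           # redirect= applies only when nothing matched
        return evaluate_spf(sender_ip, redirect, dns, depth + 1)
    return "neutral"


def spf_result_for(record, sender_ip):
    """Evaluate a candidate SPF record for example.com against one sending IP."""
    dns = dict(CONSTRUCTED_DNS)
    dns["example.com"] = dict(CONSTRUCTED_DNS["example.com"], TXT=[record])
    return evaluate_spf(sender_ip, "example.com", dns)


if __name__ == "__main__":
    third_party = "198.51.100.25"          # an address in mail.marketing.com's range
    for record in ["v=spf1 a mx -all",
                   "v=spf1 a mx include:mail.marketing.com ~all",
                   "v=spf1 a mx include:mail.marketing.com -all",
                   "v=spf1 a mx +all",
                   "v=spf1 a mx redirect:mail.marketing.com ?all"]:
        print("%-50s %s" % (record, spf_result_for(record, third_party)))
```

With the existing record the third party's address fails; with either include: option it passes, and the two differ only in how an unknown sender is treated (softfail versus fail). +all passes everything, and the redirect: option is a permanent error because redirect is not a mechanism.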


NEW QUESTION # 98
While reviewing a cyber-risk assessment, an analyst notes there are concerns related to FPGA usage. Which of the following statements would BEST convince the analyst's supervisor to use additional controls?

  • A. FPGAs are expensive to produce. Anti-counterfeiting safeguards are needed.
  • B. FPGAs have an inflexible architecture. Additional training for developers is needed
  • C. FPGAs are vulnerable to malware installation and require additional protections for their codebase.
  • D. FPGAs are expensive and can only be programmed once. Code deployment safeguards are needed.

Answer: C

Explanation:
FPGAs are reprogrammable logic devices, so the claims that they are inflexible or can only be programmed once are false. The real risk is that the bitstream or firmware loaded onto the device can be replaced with a malicious image, so the code base and the programming path need integrity protections such as signed bitstreams, restricted programming interfaces and change control.


NEW QUESTION # 99
Industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices.
The attacker was able to gain access to the SCADA by logging in to an account with weak credentials. Which of the following identity and access management solutions would help to mitigate this risk?

  • A. Endpoint detection and response
  • B. Multifactor authentication
  • C. Role-based access control
  • D. Manual access reviews

Answer: B

Explanation:
The attack succeeded because a weak password alone was enough to log in. Multifactor authentication addresses that directly: a guessed or leaked password is no longer sufficient. Role-based access control limits what an account can do once it is authenticated and manual access reviews catch stale or excessive access, but neither stops the initial login with weak credentials; endpoint detection and response is not an identity and access management control.


NEW QUESTION # 100
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

  • A. hping3 is returning a false positive.
  • B. ICMP is being blocked by a firewall.
  • C. The original ping command needed root permission to execute.
  • D. The routing tables for ping and hping3 were different.

Answer: B


NEW QUESTION # 101
An organization wants to move non-essential services into a cloud computing environment.
Management has a cost focus and would like to achieve a recovery time objective of 12 hours.
Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

  • A. Establish a hot site with active replication to another region within the same cloud provider.
  • B. Duplicate all services in another instance and load balance between the instances.
  • C. Configure the systems with a cold site at another cloud provider that can be used for failover.
  • D. Set up a warm disaster recovery site with the same cloud provider in a different region

Answer: D


NEW QUESTION # 102
A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also sees that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

  • A. Port security
  • B. Sinkholing
  • C. IDS signatures
  • D. Data loss prevention

Answer: B

Explanation:
Sinkholing redirects traffic from its intended destination to a server the defender controls. Attackers can abuse the technique to divert legitimate traffic, but defenders commonly use it for research and incident response. Here the signatures are failing, so the durable control is to stop the malware from reaching its remote destinations at all: resolving or routing the attacker's domains and addresses to a sinkhole cuts off command and control and the exfiltration channel, and the sinkhole also records which internal hosts are still trying to connect, which identifies infected assets the antivirus missed.


NEW QUESTION # 103
A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named webserverlist.xml. The host list is provided in a file named webserverlist.txt. Which of the following Nmap commands would BEST accomplish this goal?
A)

B)

C)

D)

  • A. Option B
  • B. Option A
  • C. Option D
  • D. Option C

Answer: B

Explanation:
The command has to combine version detection of the listening service (-sV) with the host list as input (-iL webserverlist.txt) and XML output (-oX webserverlist.xml); an option missing any of the three does not meet the stated goal. A plain port scan without -sV reports that a port is open but not which web server software or version is behind it.


NEW QUESTION # 104
Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations after returning to work and logging in. The building security team informs the IT security team that the cleaning staff was caught using the systems after the accounting department users left for the day. Which of the following steps should the IT security team take to help prevent this from happening again? (Choose two.)

  • A. Set up a camera to monitor the workstations for unauthorized use.
  • B. Configure NAC to set time-based restrictions on the accounting group to normal business hours.
  • C. Configure mandatory access controls to allow only accounting department users to access the workstations.
  • D. Install a web monitor application to track Internet usage after hours.
  • E. Configure a policy for workstation account timeout at three minutes.

Answer: B,E


NEW QUESTION # 105
A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?

  • A. The extended support contract changes this vulnerability finding to a false positive.
  • B. The company is accepting the inherent risk of the vulnerability.
  • C. The company is transferring the risk for the vulnerability to the software vendor.
  • D. The extended support mitigates any risk associated with the software.

Answer: B

Explanation:
Risk acceptance: a risk response that involves determining that a risk is within the organization's risk appetite and no countermeasures other than ongoing monitoring will be needed. The one-year support contract buys time, but the out-of-support version keeps running, so the risk is accepted rather than transferred or mitigated.

Risk response   Typical example
Mitigation      Apply a control
Avoidance       Change plans
Transference    Buy insurance
Acceptance      Low-risk finding


NEW QUESTION # 106
A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

  • A. Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections
  • B. Escalate the incident to management, who will then engage the network infrastructure team to keep them informed
  • C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses
  • D. Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.

Answer: D


NEW QUESTION # 107
Which of the following solutions is the BEST method to prevent unauthorized use of an API?

  • A. Rate limiting
  • B. Geofencing
  • C. HTTPS
  • D. Authentication

Answer: D

Explanation:
Authentication is a method of verifying a user's identity by requiring some piece of evidence, such as something the user knows (e.g., password), something the user has (e.g., token), or something the user is (e.g., fingerprint). Authentication is the best method to prevent unauthorized use of an API, because it ensures that only legitimate users can access or use the API functions or data. HTTPS, geofencing, or rate limiting are other methods that can enhance the security or performance of an API, but they do not prevent unauthorized use of an API. Reference: https://www.redhat.com/en/topics/api/what-is-api-security

