Prepare Top CompTIA CS0-002 Exam Study Guide Practice Questions Edition
NEW QUESTION 63
An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.
Which of the following should be considered FIRST prior to disposing of the electronic data?
- A. Sanitization policy
- B. Encryption policy
- C. Data sovereignty
- D. Retention standards
Answer: D
NEW QUESTION 64
A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks.
To BEST mitigate this risk, the analyst should use:
- A. a managed switch to segment the lab into a separate VLAN.
- B. an unmanaged switch to segment the environments from one another.
- C. a firewall to isolate the lab network from all other networks.
- D. an 802.11ac wireless bridge to create an air gap.
Answer: A
NEW QUESTION 65
A security professional is analyzing the results of a network utilization report. The report includes the following information:
Which of the following servers needs further investigation?
- A. mrktg.file.srvr.02
- B. web.srvr.03
- C. hr.dbprod.01
- D. R&D.file.srvr.01
Answer: C
NEW QUESTION 66
While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk.
The analyst sees the following on the laptop's screen:
Which of the following is the BEST action for the security analyst to take?
- A. Take the FILE-SHARE-A server offline and scan it for viruses.
- B. Disconnect the laptop and ask the users jsmith and progers to log out.
- C. Initiate a scan of devices on the network to find password-cracking tools.
- D. Force all users in the domain to change their passwords at the next login.
Answer: A
NEW QUESTION 67
A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:
- A. VPN server behind the firewall
- B. VPN on the firewall
- C. VPN server parallel to the firewall
- D. firewall behind the VPN server
Answer: C
NEW QUESTION 68
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:
Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?
- A. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
- B. Run kill -9 1325 to bring the load average down so the server is usable again.
- C. Examine the server logs for further indicators of compromise of a web application.
- D. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.
Answer: C
NEW QUESTION 69
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:
The analyst runs the following command next:
Which of the following would explain the difference in results?
- A. ICMP is being blocked by a firewall.
- B. The routing tables for ping and hping3 were different.
- C. The original ping command needed root permission to execute.
- D. hping3 is returning a false positive.
Answer: A
NEW QUESTION 70
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:
Which of the following lines indicates the computer may be compromised?
- A. Line 6
- B. Line 1
- C. Line 4
- D. Line 5
- E. Line 3
- F. Line 2
Answer: C
NEW QUESTION 71
An analyst is detecting Linux machines on a Windows network. Which of the following tools should be used to detect a computer operating system?
- A. nslookup
- B. nmap
- C. whois
- D. netstat
Answer: B
NEW QUESTION 72
A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?
- A. Someone has configured an unauthorized SMTP application over SSL
- B. The server is receiving a secure connection using the new TLS 1.3 standard
- C. A connection from the database to the web front end is communicating on the port
- D. The traffic is common static data that Windows servers send to Microsoft
Answer: A
NEW QUESTION 73
A small organization has proprietary software that is used internally.
The system has not been well maintained and cannot be updated with the rest of the environment.
Which of the following is the BEST solution?
- A. Implement MFA on the specific system.
- B. Only allow access to the system via a jumpbox
- C. Virtualize the system and decommission the physical machine.
- D. Remove it from the network and require air gapping.
Answer: C
NEW QUESTION 74
An analyst is conducting a log review and identifies the following snippet in one of the logs:
Which of the following MOST likely caused this activity?
- A. SQL injection
- B. Forgotten password
- C. Brute force
- D. Privilege escalation
Answer: C
NEW QUESTION 75
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http:// schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/ XMLSchema-instance"></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200
0 1006 1001 0 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <<a:Password>Password123</
a:Password><a:ResetPasswordToken+i:nil="true"/>
<a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/
><a:Username>[email protected]</a:Username></request></Login></s:Body></ s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89 POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http:// schemas.xmlsoap.org/soap/envelope/"><s:Body><GetIPLocation+xmlns="http:// tempuri.org/"> <a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/
></request></GetIPLocation></s:Body></s:Envelope> 192.168.1.22 - -
api.somesite.com 200 0 1003 1011 307 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http:// schemas.xmlsoap.org/soap/envelope/"><s:Body><IsLoggedIn+xmlns="http:// tempuri.org/"> <request+xmlns:a="http://schemas.datacontract.org/2004/07/ somesite.web+xmlns:i="http://www.w3.org/2001/XMLSchema- instance"><a:Authentication>
<a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</
a:ApiToken><a:ImpersonateUserId>0</a:ImpersonateUserId><a:LocationId>161222</ a:LocationId> <a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</ a:ProviderId><a:UserId>13026046</a:UserId></a:Authentication></request></ IsLoggedIn></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 1378
1209 48 192.168.4.89
Which of the following MOST likely explains how the clients' accounts were compromised?
- A. The clients' authentication tokens were impersonated and replayed.
- B. An XSS scripting attack was carried out on the server.
- C. A SQL injection attack was carried out on the server.
- D. The clients' usernames and passwords were transmitted in cleartext.
Answer: A
NEW QUESTION 76
During a recent audit, there were a lot of findings similar to and including the following:
Which of the following would be the BEST way to remediate these findings and minimize similar findings in the future?
- A. Use an automated patch management solution.
- B. Schedule regular vulnerability scans for all servers on the network.
- C. Run Microsoft Baseline Security Analyzer on all of the servers.
- D. Remove the affected software programs from the servers.
Answer: A
NEW QUESTION 77
A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats.
Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?
- A. Log correlation, monitoring, and automated reporting through a SIEM platform
- B. Quarterly vulnerability scanning using credentialed scans
- C. Development of a hypothesis as part of threat hunting
- D. Continuous compliance monitoring using SCAP dashboards
Answer: C
NEW QUESTION 78
An analyst has been asked to provide feedback regarding the controls required by a revised regulatory framework. At this time, the analyst only needs to focus on the technical controls. Which of the following should the analyst provide an assessment of?
- A. Tokenization of sensitive data
- B. Formal identification of data ownership
- C. Reporting on data retention and purging activities
- D. Establishment of data classifications
- E. Execution of NDAs
Answer: A
NEW QUESTION 79
A security analyst is performing ongoing scanning and continuous monitoring of the corporate datacenter. Over time, these scans are repeatedly showing susceptibility to the same vulnerabilities and an increase in new vulnerabilities on a specific group of servers that are clustered to run the same application. Which of the following vulnerability management processes should be implemented?
- A. Automated report generation
- B. Group policy modification
- C. Frequent server scanning
- D. Regular patch application
Answer: D
NEW QUESTION 80
A user received an invalid password response when trying to change the password. Which of the following policies could explain why the password is invalid?
- A. Data ownership policy
- B. Access control policy
- C. Password policy
- D. Account management policy
Answer: C
NEW QUESTION 81
A company's security officer needs to implement geographical IP blocks for nation-state actors from a foreign country. On which of the following should the blocks be implemented?
- A. Network access control
- B. Data loss prevention
- C. Web content filter
- D. Access control list
Answer: D
NEW QUESTION 82
......
Incident Response: 22%
- Analyzing possible indicators of compromise: this domain includes network-related, host-related, and application-related compromises.
- Applying the relevant incident response procedure: this subject area covers competence in preparation, detection and analysis, containment, eradication & recovery, and post-incident events.
- Using fundamental forensics methods: this objective covers network, endpoint, mobile, cloud, virtualization, legal hold, procedures, hashing, carving, and data acquisition.
