Title of test:
cysa+ v23 part 4 200-220

Description:
part 4 200-220

Author:
Adrian B

Creation Date:
19/05/2023

Category:
Computers

Number of questions: 19
Content:
While reviewing a vulnerability assessment, an analyst notices the following issue is identified in the report: this finding, which of the following would be most appropriate for the analyst to recommend to the network engineer? A. Reconfigure the device to support only connections leveraging TLSv1.2. B. Obtain a new self-signed certificate and select AES as the hashing algorithm. C. Replace the existing certificate with a certificate that uses only MD5 for signing. D. Use only signed certificates with cryptographically secure certificate sources.
A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it. Which of the following threats applies to this situation? A. Potential data loss to external users B. Loss of public/private key management C. Cloud-based authentication attack D. Insufficient access logging.
A security analyst discovers the company’s website is vulnerable to cross-site scripting. Which of the following solutions will BEST remedy the vulnerability? A. Prepared statements B. Server-side input validation C. Client-side input encoding D. Disabled JavaScript filtering.
During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content. Which of the following is the NEXT step the analyst should take? A. Validate the binaries' hashes from a trusted source. B. Use file integrity monitoring to validate the digital signature. C. Run an antivirus against the binaries to check for malware. D. Only allow whitelisted binaries to execute.
A. The host attempted to download an application from utoftor.com. B. The host downloaded an application from utoftor.com. C. The host attempted to make a secure connection to utoftor.com. D. The host rejected the connection from utoftor.com.
As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering? A. Update the whitelist. B. Develop a malware signature. C. Sinkhole the domains. D. Update the blacklist.
A. <100>2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 - BOM 'sudo vi users.txt' success B. <100>2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 - BOM 'sudo more /etc/passwords' success C. <100>2 2020-01-10T19:33:48.002Z webserver su 201 32001 - BOM 'su' success D. <100>2 2020-01-10T21:53:11.002Z financeserver su 201 32001 - BOM 'su vi syslog.conf failed for joe.
The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single Internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT department? A. Require the guest machines to install the corporate-owned EDR solution B. Configure NAC to only allow machines on the network that are patched and have active antivirus C. Place a firewall in between the corporate network and the guest network D. Configure the IPS with rules that will detect common malware signatures traveling from the guest network.
A. A dynamic library that is needed by the executable is missing. B. Input can be crafted to trigger an injection attack in the executable. C. The tool caused a buffer overflow in the executable's memory. D. The executable attempted to execute a malicious command.
https://www.examtopics.com/discussions/comptia/view/100178-exam-cs0-002-topic-1-question-326-discussion/ PBQ WS1 - True Positive (Encrypt Entire Session) WS2 - False Positive (Submit as non-issue) WS3 - True Positive (Request certificate from a public CA) PBQ.
Deploy a signature-based IDS Install a UEBA-capable antivirus Implement email protection with SPF Create a custom rule on a SIEM.
A company creates digitally signed packages for its devices. Which of the following BEST describes the method by which the security packages are delivered to the company's customers? A. Anti-tamper mechanism B. SELinux C. Trusted firmware updates D. eFuse.
A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further investigation? A. Data carving B. Timeline construction C. File cloning D. Reverse engineering.
Which of the following factors would determine the regulations placed on data under data sovereignty laws? What the company intends to do with the data it owns The company's data security policy The type of data the company stores The data laws of the country in which the company is located.
An analyst determines a security incident has occurred. Which of the following is the most appropriate NEXT step in an incident response plan? A. Consult the malware analysis process B. Consult the disaster recovery plan C. Consult the data classification process D. Consult the communications plan.
An organizational policy requires one person to input accounts payable and another to do accounts receivable. A separate control requires one person to write a check and another person to sign all checks greater than $5,000 and to get an additional signature for checks greater than $10,000. Which of the following controls has the organization implemented? A. Separation of duties B. Job rotation C. Non-repudiation D. Dual control.
A. Delete CloudDev access key 1. B. Delete BusinessUsr access key 1. C. Delete access key 1. D. Delete access key 2.
https://www.examtopics.com/discussions/comptia/view/81066-exam-cs0-002-topic-1-question-125-discussion/ A. The comptia user knows the sudo password. B. The comptia user executed the sudo su command. C. The comptia user knows the root password. D. The comptia user added himself or herself to the /etc/sudoers file.
An analyst is responding to an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the field. Malware was loaded on the device via the installation of a third-party software package. The analyst has baselined the device. Which of the following should the analyst do to BEST mitigate future attacks? A. Implement MDM. B. Update the malware catalog. C. Patch the mobile device's OS. D. Block third-party applications.