CS0-002 (CompTIA CySA+) practice questions

By comptia
Aug, 2025


Question 1

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

  • A: Security regression testing
  • B: Code review
  • C: User acceptance testing
  • D: Stress testing

Question 2

A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations. To help mitigate this risk, the Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?

  • A: Data masking procedures
  • B: Enhanced encryption functions
  • C: Regular business impact analysis functions
  • D: Geographic access requirements

Question 3

Massivelog.log has grown to 40GB on a Windows server. At this size, local tools are unable to read the file, and it cannot be moved off the virtual server where it is located. Which of the following lines of PowerShell script will allow a user to extract the last 10,000 lines of the log for review?

  • A: tail -10000 Massivelog.log > extract.txt
  • B: info tail n -10000 Massivelog.log | extract.txt;
  • C: get content './Massivelog.log' -Last 10000 | extract.txt
  • D: get-content './Massivelog.log' -Last 10000 > extract.txt;
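Worked example added here (not part of the original question set): tailing a multi-gigabyte log in PowerShell without reading the whole file. `Get-Content -Tail` (alias `-Last`, available since PowerShell 3.0) seeks to the end of the file and reads only the trailing lines, which is what makes it usable on a file that local editors cannot open. The paths and the line count below are assumptions; `Massivelog.log` is the name used in the question.

```powershell
# Added example, not from the original page. Extract the last N lines of a
# very large log into a separate file for review.
$LogPath   = 'C:\Logs\Massivelog.log'   # assumption: location of the 40 GB file
$OutPath   = 'C:\Temp\extract.txt'      # assumption: destination for the extract
$LineCount = 10000

# -Tail reads backwards from the end of the file, so only the trailing bytes
# are touched. Get-Content without -Tail would stream all 40 GB from the start.
# Out-File -Encoding utf8 is used instead of bare '>' so the extract is
# readable by non-PowerShell tools (see the note below on redirection encoding).
Get-Content -Path $LogPath -Tail $LineCount |
    Out-File -FilePath $OutPath -Encoding utf8

# Sanity check: the extract should hold $LineCount lines and its final line
# should match the final line of the source log.
$extracted  = @(Get-Content -Path $OutPath)
$lastSource = Get-Content -Path $LogPath -Tail 1
if ($extracted.Count -ne $LineCount -or $extracted[-1] -ne $lastSource) {
    Write-Warning ("Extract mismatch: {0} lines written, last line differs from source" -f $extracted.Count)
} else {
    Write-Host ("Extracted {0} lines to {1}" -f $LineCount, $OutPath)
}
```

Two practical caveats. In Windows PowerShell 5.1 the `>` redirection operator is `Out-File` with its default encoding, which is UTF-16LE; that doubles the size of the extract and confuses grep-style tools, whereas PowerShell 7 defaults to UTF-8. And if the log has fewer than 10,000 lines, `-Tail` simply returns the whole file, so the line-count check above will warn rather than fail silently.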

Question 4

A cybersecurity analyst is establishing a threat-hunting and intelligence group at a growing organization. Which of the following is a collaborative resource that would MOST likely be used for this purpose?

  • A: IoC feeds
  • B: CVSS scores
  • C: Scrum
  • D: ISAC

Question 5

Which of the following are considered PII by themselves? (Choose two.)

  • A: Government ID
  • B: Job title
  • C: Employment start date
  • D: Birth certificate
  • E: Employer address
  • F: Mother's maiden name

Question 6

A security analyst needs to provide the development team with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to servers in all three tiers in order to perform various configuration tasks. Which of the following technologies should the analyst implement to provide secure transport?

  • A: CASB
  • B: VPC
  • C: Federation
  • D: VPN

Question 7

A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

  • A: The server is configured to communicate on the secure database standard listener port.
  • B: Someone has configured an unauthorized SMTP application over SSL.
  • C: A connection from the database to the web front end is communicating on the port.
  • D: The server is receiving a secure connection using the new TLS 1.3 standard.

Question 8

A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Image 1

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

  • A: PC1
  • B: PC2
  • C: Server1
  • D: Server2
  • E: Firewall

Question 9

The help desk is having difficulty keeping up with all onboarding and offboarding requests. Managers often submit requests for new users at the last minute, causing the help desk to scramble to create accounts across many different interconnected systems. Which of the following solutions would work BEST to assist the help desk with the onboarding and offboarding process while protecting the company's assets?

  • A: MFA
  • B: CASB
  • C: SSO
  • D: RBAC

Question 10

Which of the following is MOST important when developing a threat hunting program?

  • A: Understanding penetration testing techniques
  • B: Understanding how to build correlation rules within a SIEM
  • C: Understanding security software technologies
  • D: Understanding assets and categories of assets

Question 11

A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:

  • A: firewall behind the VPN server.
  • B: VPN server parallel to the firewall.
  • C: VPN server behind the firewall.
  • D: VPN on the firewall.

Question 12

An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for this service?

  • A: Manually log in to the service and upload data files on a regular basis.
  • B: Have the internal development team script connectivity and file transfers to the new service.
  • C: Create a dedicated SFTP site and schedule transfers to ensure file transport security.
  • D: Utilize the cloud product's API for supported and ongoing integrations.

Question 13

Which of the following is a difference between SOAR and SCAP?

  • A: SOAR can be executed faster and with fewer false positives than SCAP because of advanced heuristics.
  • B: SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope.
  • C: SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does.
  • D: SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts.

Question 14

An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST steps to confirm and respond to the incident? (Choose two.)

  • A: Pause the virtual machine.
  • B: Shut down the virtual machine.
  • C: Take a snapshot of the virtual machine.
  • D: Remove the NIC from the virtual machine.
  • E: Review host hypervisor log of the virtual machine.
  • F: Execute a migration of the virtual machine.

Question 15

The security team decides to meet informally to discuss and test their response plan for potential security breaches and emergency situations. Which of the following types of training will the security team perform?

  • A: Tabletop exercise
  • B: Red-team attack
  • C: System assessment implementation
  • D: Blue-team training
  • E: White-team engagement

Question 16

Which of the following BEST explains the function of TPM?

  • A: To provide hardware-based security features using unique keys
  • B: To ensure platform confidentiality by storing security measurements
  • C: To improve management of the OS installations
  • D: To implement encryption algorithms for hard drives

Question 17

A security analyst is investigating an incident related to an alert from the threat detection platform on a host (10.0.1.25) in a staging environment that could be running a cryptomining tool because it is sending traffic to an IP address that is related to Bitcoin.
The network rules for the instance are the following:

Image 1

Which of the following is the BEST way to isolate and triage the host?

  • A: Remove rules 1, 2, and 3.
  • B: Remove rules 1, 2, 4, and 5.
  • C: Remove rules 1, 2, 3, 4, and 5.
  • D: Remove rules 1, 2, and 5.
  • E: Remove rules 1, 4, and 5.
  • F: Remove rules 4 and 5.

Question 18

Which of the following BEST describes what an organization's incident response plan should cover regarding how the organization handles public or private disclosures of an incident?

  • A: The disclosure section should focus on how to reduce the likelihood customers will leave due to the incident.
  • B: The disclosure section should contain the organization's legal and regulatory requirements regarding disclosures.
  • C: The disclosure section should include the names and contact information of key employees who are needed for incident resolution.
  • D: The disclosure section should contain language explaining how the organization will reduce the likelihood of the incident from happening in the future.

Question 19

An organization has the following policy statements:
✑ All emails entering or leaving the organization will be subject to inspection for malware, policy violations, and unauthorized content.
✑ All network activity will be logged and monitored.
✑ Confidential data will be tagged and tracked.
✑ Confidential data must never be transmitted in an unencrypted form.
✑ Confidential data must never be stored on an unencrypted mobile device.
Which of the following is the organization enforcing?

  • A: Acceptable use policy
  • B: Data privacy policy
  • C: Encryption policy
  • D: Data management policy

Question 20

An organization has the following risk mitigation policies:
✑ Risks without compensating controls will be mitigated first if the risk value is greater than $50,000.
✑ Other risk mitigation will be prioritized based on risk value.
The following risks have been identified:

Image 1

Which of the following is the order of priority for risk mitigation from highest to lowest?

  • A: A, C, D, B
  • B: B, C, D, A
  • C: C, B, A, D
  • D: C, D, A, B
  • E: D, C, B, A

Question 21

After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

  • A: Header analysis
  • B: File carving
  • C: Metadata analysis
  • D: Data recovery
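Worked example added here (not part of the original question set) showing what the question describes: a carver that ignores the file system entirely and rebuilds files by scanning raw bytes for a known header/footer pair. The "disk image" is constructed in memory so the script runs offline; the signatures used are the real JPEG start-of-image (`FF D8 FF`) and end-of-image (`FF D9`) markers, and the output directory is an assumption.

```powershell
# Added example, not from the original page. Minimal header/footer file carver.

function Find-ByteSequence {
    param([byte[]]$Data, [byte[]]$Pattern, [int]$Start = 0)
    # Offset of the first occurrence of $Pattern at or after $Start, or -1 if absent.
    for ($i = $Start; $i -le ($Data.Length - $Pattern.Length); $i++) {
        $hit = $true
        for ($j = 0; $j -lt $Pattern.Length; $j++) {
            if ($Data[$i + $j] -ne $Pattern[$j]) { $hit = $false; break }
        }
        if ($hit) { return $i }
    }
    return -1
}

function Invoke-FileCarve {
    param([byte[]]$Image, [byte[]]$Header, [byte[]]$Footer, [int]$MaxSize = 10MB)
    # For every header hit, take the bytes up to and including the next footer,
    # provided the footer lies within $MaxSize. A header with no footer in range
    # is treated as an orphan (fragment or false positive) and skipped.
    $carved = @()
    $pos = 0
    while ($true) {
        $start = Find-ByteSequence -Data $Image -Pattern $Header -Start $pos
        if ($start -lt 0) { break }
        $end = Find-ByteSequence -Data $Image -Pattern $Footer -Start ($start + $Header.Length)
        if ($end -lt 0 -or ($end - $start) -gt $MaxSize) {
            $pos = $start + 1
            continue
        }
        $last = $end + $Footer.Length - 1
        $carved += ,([byte[]]($Image[$start..$last]))
        $pos = $last + 1
    }
    return ,$carved
}

# Constructed sample image: zero-filled "sectors", two JPEG-like blobs, and a
# stray header with no footer that a correct carver must skip.
$soi    = [byte[]](0xFF, 0xD8, 0xFF)   # JPEG start-of-image marker
$eoi    = [byte[]](0xFF, 0xD9)         # JPEG end-of-image marker
$filler = [byte[]]::new(64)            # stands in for unrelated disk content
[byte[]]$disk = $filler + $soi + [byte[]](0xE0, 0x00, 0x10, 0x4A, 0x46, 0x49, 0x46) + $eoi +
                $filler + $soi + [byte[]](0xDB, 0x00, 0x43) + $eoi +
                $filler + $soi + $filler

$files  = Invoke-FileCarve -Image $disk -Header $soi -Footer $eoi
$outDir = (Get-Location).Path          # assumption: writable working directory
"Carved {0} object(s) from a {1}-byte image" -f $files.Count, $disk.Length
for ($n = 0; $n -lt $files.Count; $n++) {
    $path = Join-Path $outDir ("carved_{0}.jpg" -f ($n + 1))
    [IO.File]::WriteAllBytes($path, $files[$n])
    "{0}: {1} bytes" -f $path, $files[$n].Length
}
```

On a real case the byte array comes from a forensic image (for example `[IO.File]::ReadAllBytes` on a small image, or a streamed read for large ones), and the `$MaxSize` cap is what keeps an orphaned header from swallowing the rest of the disk. The naive footer search also has a known failure mode: JPEGs with EXIF thumbnails contain a nested `FF D8`/`FF D9` pair, so this carver stops at the thumbnail; production carvers parse the format's structure rather than relying on signatures alone.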

Question 22

In SIEM software, a security analyst detected some changes to hash signatures from monitored files during the night followed by SMB brute-force attacks against the file servers. Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise?

  • A: Fully segregate the affected servers physically in a network segment, apart from the production network.
  • B: Collect the network traffic during the day to understand if the same activity is also occurring during business hours.
  • C: Check the hash signatures, comparing them with malware databases to verify if the files are infected.
  • D: Collect all the files that have changed and compare them with the previous baseline.

Question 23

While monitoring the information security notification mailbox, a security analyst notices several emails were reported as spam. Which of the following should the analyst do FIRST?

  • A: Block the sender in the email gateway.
  • B: Delete the email from the company's email servers.
  • C: Ask the sender to stop sending messages.
  • D: Review the message in a secure environment.

Question 24

An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:

Image 1

Which of the following ports should be closed?

  • A: 21
  • B: 80
  • C: 443
  • D: 1433

Question 25

While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certificate authority that is only used to sign intermediate certificates. Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Choose two.)

  • A: On a private VLAN
  • B: Full disk encrypted
  • C: Powered off
  • D: Backed up hourly
  • E: VPN accessible only
  • F: Air gapped
Page 1 of 17 • Questions 1-25 of 422