Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CS0-002 Free trial

By comptia
Aug, 2025


Question 26

While conducting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Image 1

Based on the Prowler report, which of the following is the BEST recommendation?

  • A: Delete CloudDev access key 1.
  • B: Delete BusinessUsr access key 1.
  • C: Delete access key 1.
  • D: Delete access key 2.
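The finding this question is built on is an IAM access key that is past its rotation threshold. The stale-key logic can be reproduced from the IAM credential report, which is what Prowler reads for its IAM checks. The following Python is an added example written for this page, not Prowler's code and not part of the question: the credential report rows are constructed (the account ID, users and dates are made up, and the cert_* columns are omitted), the 90-day threshold matches Prowler's default rotation check, and the delete-versus-rotate recommendation is an assumption based on whether the stale key has been used recently.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# 90 days is Prowler's default rotation threshold; everything below is an added example.
MAX_KEY_AGE = timedelta(days=90)

# Constructed IAM credential report (cert_* columns omitted; account ID and dates invented).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::123456789012:root,2018-01-05T10:00:00+00:00,not_supported,2019-12-20T08:12:44+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
CloudDev,arn:aws:iam::123456789012:user/CloudDev,2018-03-01T09:00:00+00:00,false,N/A,N/A,N/A,false,true,2018-03-01T09:00:00+00:00,N/A,N/A,N/A,true,2019-12-15T09:00:00+00:00,2020-01-09T12:00:00+00:00,us-east-1,s3
BusinessUsr,arn:aws:iam::123456789012:user/BusinessUsr,2019-06-10T09:00:00+00:00,true,2020-01-08T07:30:00+00:00,2019-12-01T09:00:00+00:00,2020-03-01T09:00:00+00:00,true,true,2019-12-01T09:00:00+00:00,2020-01-09T07:31:00+00:00,us-east-1,iam,false,N/A,N/A,N/A,N/A
ci-runner,arn:aws:iam::123456789012:user/ci-runner,2019-08-01T09:00:00+00:00,false,N/A,N/A,N/A,false,true,2019-08-01T09:00:00+00:00,2020-01-09T23:10:00+00:00,eu-west-1,ecr,false,N/A,N/A,N/A,N/A
"""

# Fixed "now" so the ages below are reproducible.
NOW = datetime(2020, 1, 10, 12, 0, tzinfo=timezone.utc)


def _ts(value: str):
    """The report writes N/A, no_information or not_supported where there is no timestamp."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def stale_access_keys(report_csv: str, now: datetime = NOW, max_age: timedelta = MAX_KEY_AGE):
    """Return active access keys older than max_age, oldest first, with a recommendation."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"].lower() != "true":
                continue  # inactive or absent key: nothing to rotate
            rotated = _ts(row[f"access_key_{slot}_last_rotated"])
            last_used = _ts(row[f"access_key_{slot}_last_used_date"])
            if rotated is None or now - rotated <= max_age:
                continue
            # Assumption: a stale key with no recent consumer can simply be deleted;
            # a stale key that is still in use must be rotated, not deleted outright.
            in_use = last_used is not None and now - last_used <= max_age
            findings.append({
                "user": row["user"],
                "key": f"access key {slot}",
                "age_days": (now - rotated).days,
                "last_used_days": (now - last_used).days if last_used else None,
                "recommendation": "rotate" if in_use else "delete",
            })
    findings.sort(key=lambda f: f["age_days"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in stale_access_keys(SAMPLE_REPORT):
        print(f"{f['user']:12} {f['key']}: {f['age_days']} days old, "
              f"last used {f['last_used_days']} days ago -> {f['recommendation']}")
```

In the constructed data only CloudDev's first key is both active and never used, so it is the one to delete; the ci-runner key is equally stale but in daily use, so deleting it would break a pipeline and the right action is rotation. That distinction is why the question asks for the BEST recommendation rather than for every key past the threshold.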

Question 27

After receiving reports of high latency, a security analyst performs an Nmap scan and observes the following output:

Image 1

Which of the following suggests the system that produced this output was compromised?

  • A: Secure shell is operating on a non-standard port.
  • B: There are no indicators of compromise on this system.
  • C: MySQL service is identified on a standard PostgreSQL port.
  • D: Standard HTTP is open on the system and should be closed.

Question 28

An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions, the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
✑ Successful administrator login: reporting priority high
✑ Failed administrator login: reporting priority medium
✑ Failed temporary elevated permissions: reporting priority low
✑ Successful temporary elevated permissions: non-reportable
A security analyst is reviewing server syslogs and sees the following:

Image 1

Which of the following events is the HIGHEST reporting priority?

  • A: <100>2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 - BOM 'sudo vi users.txt' success
  • B: <100>2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 - BOM 'sudo more /etc/passwords' success
  • C: <100>2 2020-01-10T19:33:48.002Z webserver su 201 32001 - BOM 'su' success
  • D: <100>2 2020-01-10T21:53:11.002Z financeserver su 201 32001 - BOM 'su vi syslog.conf' failed for joe
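The policy in this question is a small triage rule set: an `su` event is an attempt to log in to the administrator account (prohibited, so success is the worst case), while a `sudo` event is the sanctioned temporary elevation. The following Python is an added example for this page, not part of the question: it parses the four option lines as RFC 5424 syslog, applies the organization's four priorities, and returns the event to report first. The header layout (PRI, version, timestamp, host, app, procid, msgid, structured data, optional BOM, message) is taken from the option lines themselves; treating any command whose first word is `su` as an administrator login is an assumption.

```python
import re
from dataclasses import dataclass

# Reporting priorities from the question, ranked so they can be compared.
RANK = {"high": 3, "medium": 2, "low": 1, "non-reportable": 0}

# RFC 5424 header as it appears in the option lines:
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [BOM] MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>\S+) (?:BOM )?(?P<msg>.*)$"
)
# MSG is a quoted command followed by the outcome, e.g. 'sudo vi users.txt' success.
# The closing quote is optional because one of the sample lines omits it.
MSG_RE = re.compile(r"'(?P<cmd>[^']*)'?\s*(?P<rest>.*)$")


@dataclass(frozen=True)
class Event:
    timestamp: str
    host: str
    command: str
    success: bool
    category: str   # "admin-login" (su) or "temp-elevation" (sudo)
    priority: str   # per the organization's reporting policy


def classify(line: str) -> Event:
    """Map one syslog line onto the organization's reporting priorities."""
    m = SYSLOG_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not an RFC 5424 line: {line!r}")
    mm = MSG_RE.match(m["msg"])
    if mm is None:
        raise ValueError(f"unrecognised message: {m['msg']!r}")
    command = mm["cmd"].strip()
    success = "failed" not in (command + " " + mm["rest"]).lower()
    tool = command.split()[0] if command else ""
    if tool == "su":
        # Assumption: any su invocation is an attempt to log in to the admin account.
        category, priority = "admin-login", ("high" if success else "medium")
    elif tool == "sudo":
        # Per-command elevation is the sanctioned path; only failures are reported.
        category, priority = "temp-elevation", ("non-reportable" if success else "low")
    else:
        raise ValueError(f"neither su nor sudo: {command!r}")
    return Event(m["ts"], m["host"], command, success, category, priority)


def highest_priority(lines):
    """Return the event to report first, or None if nothing in the batch is reportable."""
    events = [classify(l) for l in lines if l.strip()]
    reportable = [e for e in events if RANK[e.priority] > 0]
    return max(reportable, key=lambda e: RANK[e.priority], default=None)


# The four events from the question's options, A to D in order.
SAMPLE_LINES = [
    "<100>2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 - BOM 'sudo vi users.txt' success",
    "<100>2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 - BOM 'sudo more /etc/passwords' success",
    "<100>2 2020-01-10T19:33:48.002Z webserver su 201 32001 - BOM 'su' success",
    "<100>2 2020-01-10T21:53:11.002Z financeserver su 201 32001 - BOM 'su vi syslog.conf' failed for joe",
]

if __name__ == "__main__":
    for ev in map(classify, SAMPLE_LINES):
        print(f"{ev.priority:15} {ev.host:14} {ev.command!r} success={ev.success}")
    top = highest_priority(SAMPLE_LINES)
    print("report first:", top.host, top.command)
```

Run as written, the two successful `sudo` lines drop out as non-reportable, the failed `su` on financeserver is medium, and the successful `su` on webserver is the high-priority event, which is why the timestamp order of the lines is irrelevant to the answer.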

Question 29

An incident response team detected malicious software that could have gained access to credit card data. The incident response team was able to mitigate significant damage and implement corrective actions. By having incident response mechanisms in place, which of the following should be notified for lessons learned?

  • A: The human resources department
  • B: Customers
  • C: Company leadership
  • D: The legal team

Question 30

When investigating a report of a system compromise, a security analyst views the following /var/log/secure log file:

Image 1

Which of the following can the analyst conclude from viewing the log file?

  • A: The comptia user knows the sudo password.
  • B: The comptia user executed the sudo su command.
  • C: The comptia user knows the root password.
  • D: The comptia user added himself or herself to the /etc/sudoers file.

Question 31

A security analyst is reviewing the following server statistics:

Image 1

Which of the following is MOST likely occurring?

  • A: Race condition
  • B: Privilege escalation
  • C: Resource exhaustion
  • D: VM escape

Question 32

A company has started planning the implementation of a vulnerability management procedure, but its security maturity level is low, so some prerequisites must be completed before risk calculation and prioritization.
Which of the following should be completed FIRST?

  • A: A business impact analysis
  • B: A system assessment
  • C: Communication of the risk factors
  • D: A risk identification process

Question 33

An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts. A security analyst has created a script to snapshot the system configuration each day. Following is one of the scripts: cat /etc/passwd > daily_$(date +"%m_%d_%Y")
This script has been running successfully every day. Which of the following commands would provide the analyst with additional useful information relevant to the above script?

  • A: diff daily_11_03_2019 daily_11_04_2019
  • B: ps -ef | grep admin > daily_process_$(date +"%m_%d_%Y")
  • C: more /etc/passwd > daily_$(date +"%m_%d_%Y_%H:%M:%S")
  • D: ls -lai /usr/sbin > daily_applications

Question 34

A routine vulnerability scan detected a known vulnerability in a critical enterprise web application. Which of the following would be the BEST next step?

  • A: Submit a change request to have the system patched.
  • B: Evaluate the risk and criticality to determine if further action is necessary.
  • C: Notify a manager of the breach and initiate emergency procedures.
  • D: Remove the application from production and inform the users.

Question 35

An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network. Which of the following schedules BEST addresses these requirements?

  • A: Monthly vulnerability scans, biweekly topology scans, daily host discovery scans
  • B: Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans
  • C: Monthly host discovery scans, biweekly vulnerability scans, monthly topology scans
  • D: Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans

Question 36

A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests. Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

  • A: Implement a secure supply chain program with governance.
  • B: Implement blacklisting for IP addresses from outside the country.
  • C: Implement strong authentication controls for all contractors.
  • D: Implement user behavior analytics for key staff members.

Question 37

A Chief Information Security Officer has asked for a list of hosts that have critical and high-severity findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?

  • A: Nessus
  • B: Nikto
  • C: Fuzzer
  • D: Wireshark
  • E: Prowler

Question 38

A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

  • A: Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.
  • B: Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.
  • C: Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.
  • D: Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.
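Option D describes a correlation search: take the two behaviours already observed on one workstation (TCP/80 beacons to five addresses, SMB fan-out on 445) and look for the same pattern across the network before containment decisions are made. The following Python is an added example for this page, not part of the question and not SIEM query syntax: it runs that correlation over constructed flow records. The five beacon addresses, the 10.0.0.0/8 internal range and the fan-out threshold of five distinct SMB targets are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed: the five beacon destinations from the initial examination (TEST-NET addresses).
BEACON_IPS = {"198.51.100.10", "198.51.100.11", "198.51.100.12", "203.0.113.20", "203.0.113.21"}
INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
SMB_FANOUT_THRESHOLD = 5               # assumed: distinct internal 445 targets per source

# Constructed flow records: timestamp src dst dport proto
FLOWS = """\
2020-01-10T20:00:01Z 10.0.5.23 198.51.100.10 80 tcp
2020-01-10T20:00:31Z 10.0.5.23 203.0.113.20 80 tcp
2020-01-10T20:01:01Z 10.0.5.23 198.51.100.12 80 tcp
2020-01-10T20:01:05Z 10.0.5.23 10.0.5.1 445 tcp
2020-01-10T20:01:05Z 10.0.5.23 10.0.5.2 445 tcp
2020-01-10T20:01:06Z 10.0.5.23 10.0.5.3 445 tcp
2020-01-10T20:01:06Z 10.0.5.23 10.0.5.4 445 tcp
2020-01-10T20:01:07Z 10.0.5.23 10.0.5.5 445 tcp
2020-01-10T20:01:07Z 10.0.5.23 10.0.5.6 445 tcp
2020-01-10T20:02:00Z 10.0.7.9 203.0.113.21 80 tcp
2020-01-10T20:02:10Z 10.0.1.4 10.0.9.10 445 tcp
2020-01-10T20:02:11Z 10.0.1.4 10.0.9.11 445 tcp
2020-01-10T20:03:00Z 10.0.2.2 192.0.2.80 80 tcp
2020-01-10T20:03:05Z 10.0.2.2 198.51.100.10 53 udp
"""


def parse_flows(text: str):
    """Yield (timestamp, src, dst, dport, proto) tuples from the whitespace-separated records."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        yield ts, src, dst, int(dport), proto


def correlate(flow_text: str) -> dict:
    """Find hosts that beacon to the known C2 set or that sweep internal SMB."""
    beaconing = defaultdict(set)    # src -> beacon addresses contacted on 80/tcp
    smb_targets = defaultdict(set)  # src -> internal hosts contacted on 445/tcp
    for _ts, src, dst, dport, proto in parse_flows(flow_text):
        if proto != "tcp" or ip_address(src) not in INTERNAL:
            continue
        if dport == 80 and dst in BEACON_IPS:
            beaconing[src].add(dst)
        elif dport == 445 and ip_address(dst) in INTERNAL:
            smb_targets[src].add(dst)
    # Ordinary file-share use touches a couple of servers; a spreader touches many.
    spreaders = {h for h, t in smb_targets.items() if len(t) >= SMB_FANOUT_THRESHOLD}
    # Hosts a spreader reached are the next places to look, even before they beacon.
    reached = set().union(*(smb_targets[h] for h in spreaders)) if spreaders else set()
    return {
        "beaconing": {h: sorted(t) for h, t in beaconing.items()},
        "smb_fanout": {h: sorted(smb_targets[h]) for h in spreaders},
        "affected": sorted(set(beaconing) | spreaders),
        "smb_targets_to_check": sorted(reached),
    }


if __name__ == "__main__":
    result = correlate(FLOWS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

The constructed data includes a second beaconing host (10.0.7.9) that has not yet started spreading, a normal client that talks to two file servers, and a DNS packet to a beacon address that is deliberately not matched because the signature is port 80/tcp. The output scopes the incident: which hosts to contain, and which SMB targets to examine next.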

Question 39

An organization is developing software to match customers' expectations. Before the software goes into production, it must meet the following quality assurance guidelines:
✑ Uncover all the software vulnerabilities.
✑ Safeguard the interest of the software's end users.
✑ Reduce the likelihood that a defective program will enter production.
✑ Preserve the interests of the software producer.

Image 1
Which of the following should be performed FIRST?

  • A: Run source code against the latest OWASP vulnerabilities.
  • B: Document the life-cycle changes that took place.
  • C: Ensure verification and validation took place during each phase.
  • D: Store the source code in a software escrow.
  • E: Conduct a static analysis of the code.

Question 40

Which of the following APT adversary archetypes represent non-nation-state threat actors? (Choose two.)

  • A: Kitten
  • B: Panda
  • C: Tiger
  • D: Jackal
  • E: Bear
  • F: Spider

Question 41

A cybersecurity analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks. Which of the following BEST describes a solution that would apply and cause fewer issues during the deployment phase?

  • A: Implement port security with one MAC address per network port of the switch.
  • B: Deploy network address protection with DHCP and dynamic VLANs.
  • C: Configure 802.1X and EAPOL across the network.
  • D: Implement software-defined networking and security groups for isolation.

Question 42

Which of the following types of controls defines placing an ACL on a file folder?

  • A: Technical control
  • B: Confidentiality control
  • C: Managerial control
  • D: Operational control

Question 43

Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance?

  • A: Trusted firmware updates provide organizations with development, compilation, remote access, and customization for embedded devices.
  • B: Trusted firmware updates provide organizations with security specifications, open-source libraries, and custom tools for embedded devices.
  • C: Trusted firmware updates provide organizations with remote code execution, distribution, maintenance, and extended warranties for embedded devices.
  • D: Trusted firmware updates provide organizations with secure code signing, distribution, installation, and attestation for embedded devices.

Question 44

After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?

  • A: Make a backup of the server and update the JBoss server that is running on it.
  • B: Contact the vendor for the legacy application and request an updated version.
  • C: Create a proper DMZ for outdated components and segregate the JBoss server.
  • D: Apply virtualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.

Question 45

A company's application development has been outsourced to a third-party development team. Based on the SLA, the development team must follow industry best practices for secure coding. Which of the following is the BEST way to verify this agreement?

  • A: Input validation
  • B: Security regression testing
  • C: Application fuzzing
  • D: User acceptance testing
  • E: Stress testing

Question 46

SIMULATION -
Malware is suspected on a server in the environment.
The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware.

INSTRUCTIONS -
Servers 1, 2, and 4 are clickable. Select the server and the process that host the malware.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Image 1 Image 2 Image 3 Image 4

Question 47

During the security assessment of a new application, a tester attempts to log in to the application but receives the following message: incorrect password for given username. Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

  • A: Set the web page to redirect to an application support page when a bad password is entered.
  • B: Disable error messaging for authentication.
  • C: Recognize that error messaging does not provide confirmation of the correct element of authentication.
  • D: Avoid using password-based authentication for the application.
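The message in the question confirms that the username exists, which turns the login form into a user-enumeration oracle; the fix is a single response, and ideally a single amount of work, regardless of which element of the credential was wrong. The following Python is an added example for this page, not part of the question: it shows the leaky handler beside a hardened one. The user store, the PBKDF2 parameters and the decoy credential used to equalise work for unknown usernames are all constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor for the example; tune upward in production
GENERIC_ERROR = "invalid username or password"


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def _new_credential(password: str):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed user store: username -> (salt, PBKDF2 hash)
USERS = {"alice": _new_credential("correct horse battery staple")}

# Decoy credential (random password) so an unknown username costs the same hashing
# work as a known one; without it the fast path leaks existence through timing.
_DECOY_SALT, _DECOY_HASH = _new_credential(os.urandom(32).hex())


def login_verbose(username: str, password: str):
    """Vulnerable: the message and the early return reveal whether the username exists."""
    if username not in USERS:
        return False, "unknown username"
    salt, stored = USERS[username]
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return False, "incorrect password for given username"
    return True, "ok"


def login_generic(username: str, password: str):
    """Hardened: one message and one code path whether or not the username exists."""
    salt, stored = USERS.get(username, (_DECOY_SALT, _DECOY_HASH))
    digest_matches = hmac.compare_digest(hash_password(password, salt), stored)
    # The membership test comes after the hash so the work done is the same for both
    # cases; it also closes the corner case of a guess that happens to match the decoy.
    if digest_matches and username in USERS:
        return True, "ok"
    return False, GENERIC_ERROR


if __name__ == "__main__":
    for user in ("alice", "mallory"):
        print(user, "verbose:", login_verbose(user, "wrong"), "generic:", login_generic(user, "wrong"))
```

Option C in the question is the principle this code applies: the error must not confirm which element of the credential was correct. Rate limiting and lockout still belong in front of the handler; the generic message only removes the oracle, not the ability to guess.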

Question 48

A security analyst is reviewing the following Internet usage trend report:

Image 1

Which of the following usernames should the security analyst investigate further?

  • A: User 1
  • B: User 2
  • C: User 3
  • D: User 4

Question 49

An analyst is responding to an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the field. Malware was loaded on the device via the installation of a third-party software package. The analyst has baselined the device. Which of the following should the analyst do to BEST mitigate future attacks?

  • A: Implement MDM.
  • B: Update the malware catalog.
  • C: Patch the mobile device's OS.
  • D: Block third-party applications.

Question 50

A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:
Packet capture:

Image 1

TCP stream:

Image 2

Which of the following actions should the security analyst take NEXT?

  • A: Review the known Apache vulnerabilities to determine if a compromise actually occurred.
  • B: Contact the application owner for connect.example.local for additional information.
  • C: Mark the alert as a false positive scan coming from an approved source.
  • D: Raise a request to the firewall team to block 203.0.113.15.
Page 2 of 17 • Questions 26-50 of 422
