
CS0-002

By CompTIA
Aug 2025


Question 51

A company's domain has been spoofed in numerous phishing campaigns. An analyst needs to determine why the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC. Upon review of the record, the analyst finds the following: v=DMARC1; p=none; fo=0; rua=mailto:security@company.com; ruf=mailto:security@company.com; adkim=r; rf=afrf; ri=86400;
Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?

  • A: The DMARC record's DKIM alignment tag is incorrectly configured.
  • B: The DMARC record's policy tag is incorrectly configured.
  • C: The DMARC record does not have an SPF alignment tag.
  • D: The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.

Question 52

A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal. Which of the following is the BEST manner in which to dispose of the hardware appliance?

  • A: Ensure the hardware appliance has the ability to encrypt the data before disposing of it.
  • B: Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies.
  • C: Return the hardware appliance to the vendor, as the vendor is responsible for disposal.
  • D: Establish guidelines for the handling of sensitive information.

Question 53

During a review of the vulnerability scan results on a server, an information security analyst notices the following:

Image 1

The MOST appropriate action for the analyst to recommend to developers is to change the web server so:

  • A: it only accepts TLSv1.2.
  • B: it only accepts cipher suites using AES and SHA.
  • C: it no longer accepts the vulnerable cipher suites.
  • D: SSL/TLS is offloaded to a WAF and load balancer.

Question 54

A threat hunting team received a new IoC from an ISAC that follows a threat actor's profile and activities. Which of the following should be updated NEXT?

  • A: The whitelist
  • B: The DNS
  • C: The blocklist
  • D: The IDS signature

Question 55

A security analyst discovers a standard user has unauthorized access to the command prompt, PowerShell, and other system utilities. Which of the following is the BEST action for the security analyst to take?

  • A: Disable the appropriate settings in the administrative template of the Group Policy.
  • B: Use AppLocker to create a set of whitelist and blacklist rules specific to group membership.
  • C: Modify the registry keys that correlate with the access settings for the System32 directory.
  • D: Remove the user's permissions from the various system executables.

Question 56

The Chief Information Officer of a large cloud software vendor reports that many employees are falling victim to phishing emails because they appear to come from other employees. Which of the following would BEST prevent this issue?

  • A: Include digital signatures on messages originating within the company.
  • B: Require users to authenticate to the SMTP server.
  • C: Implement DKIM to perform authentication that will prevent the issue.
  • D: Set up an email analysis solution that looks for known malicious links within the email.

Question 57

While reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with political propaganda. Which of the following BEST describes this type of actor?

  • A: Hacktivist
  • B: Nation-state
  • C: Insider threat
  • D: Organized crime

Question 58

A security analyst needs to provide a copy of a hard drive for forensic analysis. Which of the following would allow the analyst to perform the task?

  • A: dcfldd if=/dev/one of=/mnt/usb/evidence.bin hash=md5, sha1 hashlog=/mnt/usb/evidence.bin.hashlog
  • B: dd if=/dev/sda of=/mnt/usb/evidence.bin bs=4096; sha512sum /mnt/usb/evidence.bin > /mnt/usb/evidence.bin.hash
  • C: tar -zcf /mnt/usb/evidence.tar.gz / -except /mnt; sha256sum /mnt/usb/evidence.tar.gz > /mnt/usb/evidence.tar.gz.hash
  • D: find / -type f -exec cp {} /mnt/usb/evidence/ \; sha1sum /mnt/usb/evidence/* > /mnt/usb/evidence/evidence.hash

Question 59

A Chief Information Security Officer (CISO) is concerned developers have too much visibility into customer data. Which of the following controls should be implemented to BEST address these concerns?

  • A: Data masking
  • B: Data loss prevention
  • C: Data minimization
  • D: Data sovereignty

Question 60

During a forensic investigation, a security analyst reviews some Session Initiation Protocol packets that came from a suspicious IP address. Law enforcement requires access to a VoIP call that originated from the suspicious IP address. Which of the following should the analyst use to accomplish this task?

  • A: Wireshark
  • B: iptables
  • C: Tcpdump
  • D: NetFlow

Question 61

A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes?

  • A: Internal management review
  • B: Control assessment
  • C: Tabletop exercise
  • D: Peer review

Question 62

A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor's labs. Which of the following is the main concern a security analyst should have with this arrangement?

  • A: Making multiple trips between development sites increases the chance of physical damage to the FPGAs.
  • B: Moving the FPGAs between development sites will lessen the time that is available for security testing.
  • C: Development phases occurring at multiple sites may produce change management issues.
  • D: FPGA applications are easily cloned, increasing the possibility of intellectual property theft.

Question 63

A security analyst needs to reduce the overall attack surface. Which of the following infrastructure changes should the analyst recommend?

  • A: Implement a honeypot.
  • B: Air gap sensitive systems.
  • C: Increase the network segmentation.
  • D: Implement a cloud-based architecture.

Question 64

A company's security team recently discovered a number of workstations that are at the end of life. The workstation vendor informs the team that the product is no longer supported, and patches are no longer available. The company is not prepared to cease its use of these workstations. Which of the following would be the BEST method to protect these workstations from threats?

  • A: Deploy whitelisting to the identified workstations to limit the attack surface.
  • B: Determine the system process criticality and document it.
  • C: Isolate the workstations and air gap them when it is feasible.
  • D: Increase security monitoring on the workstations.

Question 65

A small business does not have enough staff in the accounting department to segregate duties. The comptroller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control?

  • A: Deterrent
  • B: Preventive
  • C: Compensating
  • D: Detective

Question 66

A company offers a hardware security appliance to customers that provides remote administration of a device on the customer's network. Customers are not authorized to alter the configuration. The company deployed a software process to manage unauthorized changes to the appliance, log them, and forward them to a central repository for evaluation. Which of the following processes is the company using to ensure the appliance is not altered from its original configured state?

  • A: CI/CD
  • B: Software assurance
  • C: Anti-tamper
  • D: Change management

Question 67

During an incident, it is determined that a customer database containing email addresses, first names, and last names was exfiltrated. Which of the following should the security analyst do NEXT?

  • A: Consult with the legal department for regulatory impact.
  • B: Encrypt the database with available tools.
  • C: Email the customers to inform them of the breach.
  • D: Follow the incident communications process.

Question 68

A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

  • A: detection and prevention capabilities to improve.
  • B: which systems were exploited more frequently.
  • C: possible evidence that is missing during forensic analysis.
  • D: which analysts require more training.
  • E: the time spent by analysts on each of the incidents.

Question 69

As part of the senior leadership team's ongoing risk management activities, the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones. The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data. Which of the following would be appropriate for the security analyst to coordinate?

  • A: A black-box penetration testing engagement
  • B: A tabletop exercise
  • C: Threat modeling
  • D: A business impact analysis

Question 70

Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

  • A: Logging and monitoring are not needed in a public cloud environment.
  • B: Logging and monitoring are done by the data owners.
  • C: Logging and monitoring duties are specified in the SLA and contract.
  • D: Logging and monitoring are done by the service provider.

Question 71

During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

  • A: Share details of the security incident with the organization's human resources management team.
  • B: Note the security incident so other analysts are aware the traffic is malicious.
  • C: Communicate the security incident to the threat team for further review and analysis.
  • D: Report the security incident to a manager for inclusion in the daily report.

Question 72

An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to attack another virtual machine to gain access to the data. Through the use of the cloud host's hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability the attacker has used to exploit the system?

  • A: Sandbox the virtual machine.
  • B: Implement an MFA solution.
  • C: Update to the secure hypervisor version.
  • D: Implement dedicated hardware for each customer.

Question 73

At which of the following phases of the SDLC should security FIRST be involved?

  • A: Design
  • B: Maintenance
  • C: Implementation
  • D: Analysis
  • E: Planning
  • F: Testing

Question 74

During routine monitoring, a security analyst identified the following enterprise network traffic:
Packet capture output:

Image 1

Which of the following BEST describes what the security analyst observed?

  • A: 66.187.224.210 set up a DNS hijack with 192.168.12.21.
  • B: 192.168.12.21 made a TCP connection to 66.187.224.210.
  • C: 192.168.12.21 made a TCP connection to 209.132.177.50.
  • D: 209.132.177.50 set up a TCP reset attack to 192.168.12.21.

Question 75

Due to a rise in cyber attackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the customers' data is protected by the organization internally and externally. Which of the following countermeasures can BEST prevent the loss of customers' sensitive data?

  • A: Implement privileged access management.
  • B: Implement a risk management process.
  • C: Implement multifactor authentication.
  • D: Add more security resources to the environment.
Page 3 of 17 • Questions 51-75 of 422
