CompTIA CS0-002 Practice Test
Prepare smarter and boost your chances of success with our CompTIA CS0-002 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use a CS0-002 practice exam are 40–50% more likely to pass on their first attempt.
Start practicing today and take the fast track to becoming CompTIA CS0-002 certified.
Updated On :483 Questions
Topic 1: Exam Pool A
A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
A. Executing vendor compliance assessments against the organization's security controls
B. Executing NDAs prior to sharing critical data with third parties
C. Soliciting third-party audit reports on an annual basis
D. Maintaining and reviewing the organizational risk assessment on a quarterly basis
E. Completing a business impact assessment for all critical service providers
F. Utilizing DLP capabilities at both the endpoint and perimeter levels
Answers: A. Executing vendor compliance assessments against the organization's security controls; C. Soliciting third-party audit reports on an annual basis
A security analyst needs to determine the best method for securing access to a top-secret datacenter. Along with an access card and PIN code, which of the following additional authentication methods would be BEST to enhance the datacenter's security?
A. Physical key
B. Retinal scan
C. Passphrase
D. Fingerprint
Answer: D. Fingerprint
A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server. Which of the following should be done to correct the cause of the vulnerability?
A. Deploy a WAF in front of the application.
B. Implement a software repository management tool.
C. Install a HIPS on the server.
D. Instruct the developers to use input validation in the code.
Answer: B. Implement a software repository management tool.
An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds. Which of the following can be inferred from this activity?
A. 10.200.2.0/24 is infected with ransomware.
B. 10.200.2.0/24 is not routable address space.
C. 10.200.2.5 is a rogue endpoint.
D. 10.200.2.5 is exfiltrating data.
Answer: D. 10.200.2.5 is exfiltrating data.
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)
A. Parameterized queries
B. Session management
C. Input validation
D. Output encoding
E. Data protection
F. Authentication
Answers: A. Parameterized queries; C. Input validation
Which of the following are the MOST likely reasons to include reporting processes when updating an incident response plan after a breach? (Select TWO).
A. To establish a clear chain of command
B. To meet regulatory requirements for timely reporting
C. To limit reputation damage caused by the breach
D. To remediate vulnerabilities that led to the breach
E. To isolate potential insider threats
F. To provide secure network design changes
Answers: B. To meet regulatory requirements for timely reporting; F. To provide secure network design changes
A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS. Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?
A. Run an anti-malware scan on the system to detect and eradicate the current threat.
B. Start a network capture on the system to look into the DNS requests to validate command and control traffic.
C. Shut down the system to prevent further degradation of the company network.
D. Reimage the machine to remove the threat completely and get back to a normal running state.
E. Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.
Answer: B. Start a network capture on the system to look into the DNS requests to validate command and control traffic.
During a cyber incident, which of the following is the BEST course of action?
A. Switch to using a pre-approved, secure, third-party communication system.
B. Keep the entire company informed to ensure transparency and integrity during the incident.
C. Restrict customer communication until the severity of the breach is confirmed.
D. Limit communications to pre-authorized parties to ensure response efforts remain confidential.
Answer: D. Limit communications to pre-authorized parties to ensure response efforts remain confidential.
An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to at the use of the cloud hosted hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability?
A. Sandbox the virtual machine.
B. Implement an MFA solution.
C. Update to the secure hypervisor version.
D. Implement dedicated hardware for each customer.
Answer: C. Update to the secure hypervisor version.
A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:
A. firewall behind the VPN server
B. VPN server parallel to the firewall
C. VPN server behind the firewall
D. VPN on the firewall
Answer: B. VPN server parallel to the firewall