CompTIA CS0-002 Practice Test

Prepare smarter and boost your chances of success with our CompTIA CS0-002 Practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use the CS0-002 practice exam are 40–50% more likely to pass on their first attempt.

Start practicing today and take the fast track to becoming CompTIA CS0-002 certified.


Page 8 out of 49 Pages

Topic 1: Exam Pool A

An organization developed a comprehensive incident response policy. Executive
management approved the policy and its associated procedures. Which of the following
activities would be MOST beneficial to evaluate personnel’s familiarity with incident
response procedures?

A.

A simulated breach scenario involving the incident response team

B.

Completion of annual information security awareness training by all employees

C.

Tabletop activities involving business continuity team members

D.

Completion of lessons-learned documentation by the computer security incident
response team

E.

External and internal penetration testing by a third party


A.   

A simulated breach scenario involving the incident response team



A security analyst is providing a risk assessment for a medical device that will be installed
on the corporate network. During the assessment, the analyst discovers the device has an
embedded operating system that will be at the end of its life in two years. Due to the
criticality of the device, the security committee makes a risk-based policy decision to
review and enforce the vendor upgrade before the end of life is reached.
Which of the following risk actions has the security committee taken?

A.

Risk exception

B.

Risk avoidance

C.

Risk tolerance

D.

Risk acceptance


D.   

Risk acceptance



A security analyst implemented a solution that would analyze the attacks that the
organization’s firewalls failed to prevent. The analyst used the existing systems to enact the
solution and executed the following command.
$ sudo nc -l -v -c maildemon.py 25 caplog.txt
Which of the following solutions did the analyst implement?

A.

Log collector

B.

Crontab mail script

C.

Sinkhole

D.

Honeypot


A.   

Log collector



Ransomware is identified on a company's network that affects both Windows and MAC
hosts. The command and control channel for encryption for this variant uses TCP ports
from 11000 to 65000. The channel goes to good1.iholdbadkeys.com, which resolves to IP
address 72.172.16.2.
Which of the following is the MOST effective way to prevent any newly infected systems
from actually encrypting the data on connected network drives while causing the least
disruption to normal Internet traffic?

A.

Block all outbound traffic to web host good1.iholdbadkeys.com at the border gateway

B.

Block all outbound TCP connections to IP host address 172.172.16.2 at the border
gateway.

C.

Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.

D.

Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2
at the border gateway.


A.   

Block all outbound traffic to web host good1.iholdbadkeys.com at the border gateway



An organization developed a comprehensive incident response policy. Executive
management approved the policy and its associated procedures. Which of the following
activities would be MOST beneficial to evaluate personnel's familiarity with incident
response procedures?

A.

A simulated breach scenario involving the incident response team

B.

Completion of annual information security awareness training by all employees

C.

Tabletop activities involving business continuity team members

D.

Completion of lessons-learned documentation by the computer security incident
response team

E.

External and internal penetration testing by a third party


A.   

A simulated breach scenario involving the incident response team



An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:

Which of the following ports should be closed?

A.

22

B.

80

C.

443

D.

1433


D.   

1433



A company just chose a global software company based in Europe to implement a new
supply chain management solution. Which of the following would be the MAIN concern of
the company?

A.

Violating national security policy

B.

Packet injection

C.

Loss of intellectual property

D.

International labor laws


A.   

Violating national security policy



A company has a cluster of web servers that is critical to the business. A systems
administrator installed a utility to troubleshoot an issue, and the utility caused the entire
cluster to go offline. Which of the following solutions would work BEST to prevent this from
happening again?

A.

Change management

B.

Application whitelisting

C.

Asset management

D.

Privilege management


A.   

Change management



An analyst is working with a network engineer to resolve a vulnerability that was found in a
piece of legacy hardware, which is critical to the operation of the organization's production
line. The legacy hardware does not have third-party support, and the OEM manufacturer of
the controller is no longer in operation. The analyst documents the activities and verifies
these actions prevent remote exploitation of the vulnerability.
Which of the following would be the MOST appropriate to remediate the controller?

A.

Segment the network to constrain access to administrative interfaces

B.

Replace the equipment that has third-party support

C.

Remove the legacy hardware from the network

D.

Install an IDS on the network between the switch and the legacy equipment.


A.   

Segment the network to constrain access to administrative interfaces



It is important to parameterize queries to prevent:

A.

the execution of unauthorized actions against a database.

B.

a memory overflow that executes code with elevated privileges

C.

the establishment of a web shell that would allow unauthorized access

D.

the queries from using an outdated library with security vulnerabilities.


A.   

the execution of unauthorized actions against a database.


