CS0-002 CompTIA Exam Questions and Free Practice Test

Question 19

A web-based front end for a business intelligence application uses pass-through authentication to authenticate users The application then uses a service account, to perform queries and look up data m a database A security analyst discovers employees are accessing data sets they have not been authorized to use. Which of the following will fix the cause of the issue?

A. Change the security model to force the users to access the database as themselves

B. Parameterize queries to prevent unauthorized SQL queries against the database

C. Configure database security logging using syslog or a SIEM

D. Enforce unique session IDs so users do not get a reused session ID

Correct Answer:B

Question 20

A security team wants to make SaaS solutions accessible from only the corporate campus.
Which of the following would BEST accomplish this goal?

A. Geofencing

B. IP restrictions

C. Reverse proxy

D. Single sign-on

Correct Answer:A

Question 21

Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

A. Unauthorized, unintentional, benign

B. Unauthorized, intentional, malicious

C. Authorized, intentional, malicious

D. Authorized, unintentional, benign

Correct Answer:C

Question 22

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?

A. Decompile each binary to derive the source code.

B. Perform a factory reset on the affected mobile device.

C. Compute SHA-256 hashes for each binary.

D. Encrypt the binaries using an authenticated AES-256 mode of operation.

E. Inspect the permissions manifests within each application.

Correct Answer:C

Question 23

A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.
Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

A. Attack vectors

B. Adversary capability

C. Diamond Model of Intrusion Analysis

D. Kill chain

E. Total attack surface

Correct Answer:B

Question 24

A team of security analysis has been alerted to potential malware activity. The initial examination indicates one of the affected workstations on beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

A. Escalate the incident to management ,who will then engage the network infrastructure team to keep them informed

B. Depending on system critically remove each affected device from the network by disabling wired and wireless connections

C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses Identify potentially affected systems by creating a correlation

D. Identify potentially affected system by creating a correlation search in the SIEM based on the network traffic.

Correct Answer:D

START CS0-002 EXAM