CS0-002 | The Leading Guide To CS0-002 Pdf

We provide real CS0-002 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CompTIA CS0-002 Exam quickly & easily. The CS0-002 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CompTIA CS0-002 dumps pdf and vce product and material, you can easily pass the CS0-002 exam.

Check CS0-002 free dumps before getting the full version:

NEW QUESTION 1
An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization. The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message. In addition to retraining the employee, which of the following would prevent this from happening in the future?

  • A. Implement outgoing filter rules to quarantine messages that contain card data.
  • B. Configure the outgoing mail filter to allow attachments only to addresses on the whitelist.
  • C. Remove all external recipients from the employee's address book.
  • D. Set the outgoing mail filter to strip spreadsheet attachments from all messages.

Answer: B

NEW QUESTION 2
A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

  • A. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
  • B. Remove the servers reported to have high and medium vulnerabilities.
  • C. Tag the computers with critical findings as a business risk acceptance.
  • D. Manually patch the computers on the network, as recommended on the CVE website.
  • E. Harden the hosts on the network, as recommended by the NIST framework.
  • F. Resolve the monthly job issues and test them before applying them to the production network.

Answer: CE

NEW QUESTION 3
A security analyst has discovered suspicious traffic and determined a host is connecting to a known malicious website. The MOST appropriate action for the analyst to take would be to implement a change request to:

  • A. update the antivirus software
  • B. configure the firewall to block traffic to the domain
  • C. add the domain to the blacklist
  • D. create an IPS signature for the domain

Answer: B

NEW QUESTION 4
A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached.
Which of the following is the NEXT step the analyst should take to address the issue?

  • A. Audit access permissions for all employees to ensure least privilege.
  • B. Force a password reset for the impacted employees and revoke any tokens.
  • C. Configure SSO to prevent passwords from going outside the local network.
  • D. Set up privileged access management to ensure auditing is enabled.

Answer: B

NEW QUESTION 5
The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:

  • A. web servers on private networks
  • B. HVAC control systems
  • C. smartphones
  • D. firewalls and UTM devices

Answer: D

NEW QUESTION 6
Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having had plenty of space recently. Ann claims she has not downloaded anything. The security team obtains the laptop and begins to investigate, noting the following:

  • File access auditing is turned off.
  • When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling up the available drive space.
  • All processes running appear to be legitimate processes for this user and machine.
  • Network traffic spikes when the space is cleared on the laptop.
  • No browser is open.

Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

  • A. Delete the temporary files, run an Nmap scan, and utilize Burp Suite.
  • B. Disable the network connection, check Sysinternals Process Explorer, and review netstat output.
  • C. Perform a hard power down of the laptop, take a dd image, and analyze with FTK.
  • D. Review logins to the laptop, search Windows Event Viewer, and review Wireshark captures.

Answer: B

NEW QUESTION 7
A security team wants to make SaaS solutions accessible from only the corporate campus.
Which of the following would BEST accomplish this goal?

  • A. Geofencing
  • B. IP restrictions
  • C. Reverse proxy
  • D. Single sign-on

Answer: A

NEW QUESTION 8
A large software company wants to move its source control and deployment pipelines into a cloud-computing environment. Due to the nature of the business, management determines the recovery time objective needs to be within one hour. Which of the following strategies would put the company in the BEST position to achieve the desired recovery time?

  • A. Establish an alternate site with active replication to other regions
  • B. Configure a duplicate environment in the same region and load balance between both instances
  • C. Set up every cloud component with duplicated copies and auto scaling turned on
  • D. Create a duplicate copy on premises that can be used for failover in a disaster situation

Answer: A

NEW QUESTION 9
The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization’s email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?

  • A. Post on the company blog
  • B. Corporate-hosted encrypted email
  • C. VoIP phone call
  • D. Summary sent by certified mail
  • E. Externally hosted instant message

Answer: C

NEW QUESTION 10
During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.
Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

  • A. An IPS signature modification for the specific IP addresses
  • B. An IDS signature modification for the specific IP addresses
  • C. A firewall rule that will block port 80 traffic
  • D. A firewall rule that will block traffic from the specific IP addresses

Answer: D

NEW QUESTION 11
A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review.
Which of the following commands would MOST likely indicate if the email is malicious?

  • A. sha256sum ~/Desktop/file.pdf
  • B. file ~/Desktop/file.pdf
  • C. strings ~/Desktop/file.pdf | grep "<script"
  • D. cat < ~/Desktop/file.pdf | grep -i .exe

Answer: A

NEW QUESTION 12
A cybersecurity analyst is responding to an incident. The company’s leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

  • A. Intelligence cycle
  • B. Diamond Model of Intrusion Analysis
  • C. Kill chain
  • D. MITRE ATT&CK

Answer: B

NEW QUESTION 13
A security analyst is reviewing the following log from an email security service.
[Exhibit image (email security service log) not reproduced.]
Which of the following BEST describes the reason why the email was blocked?

  • A. The To address is invalid.
  • B. The email originated from the www.spamfilter.org URL.
  • C. The IP address and the remote server name are the same.
  • D. The IP address was blacklisted.
  • E. The From address is invalid.

Answer: D

NEW QUESTION 14
A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-in-the-middle attack. The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices. Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?

  • A. Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network.
  • B. Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.
  • C. Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network.
  • D. Conduct a wireless survey to determine if the wireless strength needs to be reduced.

Answer: A

NEW QUESTION 15
Which of the following MOST accurately describes an HSM?

  • A. An HSM is a low-cost solution for encryption.
  • B. An HSM can be network based or a removable USB device.
  • C. An HSM is slower at encrypting than software.
  • D. An HSM is explicitly used for MFA.

Answer: A

NEW QUESTION 16
......

100% Valid and Newest Version CS0-002 Questions & Answers shared by Certshared, Get Full Dumps HERE: https://www.certshared.com/exam/CS0-002/ (New 186 Q&As)