PASS CS0-002 exam with CompTIA Real Exam Questions - 100% Valid!
NEW QUESTION # 132
Understanding attack vectors and integrating intelligence sources are important components of:
- A. risk management compliance.
- B. a vulnerability management plan.
- C. proactive threat hunting
- D. an incident response plan.
Answer: C
Explanation:
Knowing how adversaries get in (attack vectors) and fusing internal and external intelligence sources are what a hunter uses to form and test hypotheses before any alert fires, which is the defining characteristic of proactive threat hunting. Compliance, a vulnerability management plan and an incident response plan consume intelligence, but they are not defined by it.
NEW QUESTION # 133
A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution.
Which of the following actions should the technician take to accomplish this task?
- A. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
- B. Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.
- C. Add TXT @ "v=spf1 mx include:_spf.comptia.org −all" to the email server.
- D. Add TXT @ "v=spf1 mx include:_spf.comptia.org −all" to the DNS record.
Answer: D
Explanation:
SPF is a policy published in DNS: a receiving mail server looks up the TXT record at the sending domain, so placing the same text on the domain controller, the web server or the email server accomplishes nothing. "-all" hard-fails any source not listed by the mx and include mechanisms; "+all" would authorize every host on the Internet, the opposite of the goal.
Reference:
https://blog.finjan.com/email-spoofing/
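The lookup a receiving server performs, as an added example (not exam or comptia.org material): a minimal SPF evaluator run against a constructed DNS table, so the effect of publishing the record in DNS and of "-all" versus "+all" can be seen directly. The zone contents, MX host and addresses are assumptions made for the demonstration, and the evaluator covers only the mechanisms the question uses.

```python
"""SPF evaluation against a constructed DNS table.

Added example for the SPF question above; it is not exam or comptia.org
material. The zone contents, MX host and addresses are assumptions made for
the demonstration, and the evaluator covers only the mechanisms the question
uses (mx, include, ip4, a, all) with simplified include/depth handling.
"""
import ipaddress

# Constructed zone data: what a receiving mail server would look up in DNS.
DNS = {
    "TXT": {
        "comptia.org": ["v=spf1 mx include:_spf.comptia.org -all"],
        "_spf.comptia.org": ["v=spf1 ip4:203.0.113.0/24 -all"],
    },
    "MX": {"comptia.org": ["mail.comptia.org"]},
    "A": {"mail.comptia.org": ["198.51.100.10"]},
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain, dns=DNS):
    """The single v=spf1 TXT record for DOMAIN, or None if the domain publishes none."""
    records = [r for r in dns["TXT"].get(domain, []) if r.startswith("v=spf1")]
    return records[0] if len(records) == 1 else None


def check_host(ip, domain, dns=DNS, depth=0):
    """Evaluate DOMAIN's SPF policy for a message received from IP.

    Returns pass / fail / softfail / neutral (a mechanism matched), none (no
    record published, so nothing is enforced) or permerror (bad record).
    """
    if depth > 10:                      # RFC 7208 limits nested lookups
        return "permerror"
    record = spf_record(domain, dns)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # skip the v=spf1 version tag
        qualifier = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":              # any A record of any MX host of the domain
            hosts = dns["MX"].get(arg or domain, [])
            matched = any(str(addr) in dns["A"].get(h, []) for h in hosts)
        elif name == "a":
            matched = str(addr) in dns["A"].get(arg or domain, [])
        elif name == "include":         # recursive evaluation; only a pass counts as a match
            matched = check_host(ip, arg, dns, depth + 1) == "pass"
        else:
            return "permerror"          # mechanism not supported by this toy evaluator
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"                    # fell off the end without a matching term


def with_record(dns, domain, record):
    """Copy of the DNS table with DOMAIN's SPF record replaced, to compare policies."""
    copy = {rtype: dict(entries) for rtype, entries in dns.items()}
    copy["TXT"][domain] = [record]
    return copy
```

With the "-all" record a message from 192.0.2.99 claiming to be comptia.org fails; swap in the "+all" variant from options A and B and the same spoofed message passes, and a domain that publishes no record at all (the record sitting on a mail server instead of in DNS) returns "none", which receivers treat as no policy.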
NEW QUESTION # 134
A security analyst wants to confirm a finding from a penetration test report on the internal web server. To do so, the analyst logs into the web server using SSH to send the request locally. The report provides a link to https://hrserver.internal/../../etc/passwd, and the server IP address is 10.10.10.15. However, after several attempts, the analyst cannot get the file, despite trying several different ways (the command output referenced by the question is not reproduced on this page).
Which of the following would explain this problem? (Choose two.)
- A. Requests can only be sent remotely to the web server
- B. The password file is write protected
- C. The web service has not started
- D. The web server uses SNI to check for a domain name
Answer: A,D
Explanation:
The request is a read, so write protection on /etc/passwd (B) cannot explain a failure to retrieve it, and a service that is not running (C) would not have produced the finding in the report. What does break a local reproduction is reaching the server by IP or on the loopback interface: a name-based TLS virtual host selects its certificate and site from the SNI hostname, so a request to https://10.10.10.15/ lands on the default vhost or is refused (D), and a listener bound only to the external interface will not accept the request from localhost at all (A). The fix is to connect to 10.10.10.15 while presenting hrserver.internal as the SNI name and Host header.
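A local reproduction of the finding, as an added example that is not part of the report or the exam material. It shows two things a practitioner trips over here: the SNI/Host handling the question is about, and a caveat the question does not mention, namely that curl and browsers normalise ../ segments before sending, so the quoted link reaches the server as /etc/passwd unless the raw path is forced. Hostname, IP and path are taken from the question; everything else is an assumption, and fetch_with_sni() opens a real connection only when called deliberately.

```python
"""Reproducing the traversal finding locally: the two traps.

Added example for the question above; not part of the original report or
exam. Hostname, IP and path are taken from the question; everything else is
an assumption. fetch_with_sni() opens a real connection and is only meant to
be called deliberately against the server named in the report.
"""
import socket
import ssl


def remove_dot_segments(path):
    """RFC 3986 section 5.2.4 normalisation (simplified: no trailing-slash handling).

    curl and browsers apply this before sending, so the quoted link reaches the
    server as /etc/passwd and the traversal never happens; curl needs
    --path-as-is to send the raw path.
    """
    out = []
    for segment in path.split("/")[1:]:     # path always starts with "/"
        if segment == "..":
            if out:
                out.pop()
        elif segment != ".":
            out.append(segment)
    return "/" + "/".join(out)


def build_request(hostname, path):
    """Raw HTTP/1.1 request with PATH sent exactly as given and the vhost name in Host."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {hostname}\r\n"
            "Connection: close\r\n\r\n").encode()


def fetch_with_sni(ip, hostname, path, port=443, timeout=5):
    """TCP to IP, TLS SNI = HOSTNAME, Host header = HOSTNAME, raw PATH.

    Equivalent to: curl -k --path-as-is --resolve hrserver.internal:443:10.10.10.15
    Connecting to https://10.10.10.15/ directly presents the IP as SNI, and a
    name-based server answers with its default vhost (or refuses) instead.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # internal certificate: the vhost, not the chain, is under test
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            tls.sendall(build_request(hostname, path))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)
```

remove_dot_segments("/../../etc/passwd") returns "/etc/passwd", which is why a plain curl of the reported link cannot confirm anything; build_request() keeps the path byte-for-byte, and fetch_with_sni("10.10.10.15", "hrserver.internal", "/../../etc/passwd") sends it to the right virtual host.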
NEW QUESTION # 135
A security analyst has discovered that an outbound SFTP process is occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business critical data were delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the analyst to take?
- A. Run a vulnerability scan.
- B. Verify user permissions.
- C. Verify SLA with cloud provider.
- D. Investigate a potential incident.
Answer: D
NEW QUESTION # 136
Which of the following is the best method to ensure secure boot UEFI features are enabled to prevent boot malware?
- A. Set UEFI to legacy mode and enable security features.
- B. Convert the legacy partition table to UEFI and repair the operating system.
- C. Enable secure boot in the hardware and reload the operating system.
- D. Reconfigure the system's MBR and enable NTFS.
Answer: C
Explanation:
The correct answer is C. Enable secure boot in the hardware and reload the operating system. Secure boot is a feature of UEFI that ensures only trusted and authorized code can execute during the boot process: the firmware verifies the signature of each boot component (boot manager, OS loader) against the keys stored in its db/KEK/PK variables before running it. This prevents boot malware such as rootkits and bootkits from compromising the system before the operating system loads1. To enable it, the platform must have UEFI firmware that implements secure boot, the disk must use GPT, and the operating system must boot through UEFI with a loader signed by a key the firmware trusts. An operating system installed in legacy mode, or one without a valid signature, will not boot once secure boot is enforced, which is why the operating system may need to be reloaded after the firmware setting is changed2.
A) Set UEFI to legacy mode and enable security features is not correct. Legacy (CSM) mode lets UEFI systems boot with BIOS-era methods and disables UEFI features, secure boot included, along with faster boot and large-disk support. Switching to legacy mode removes secure boot rather than enabling it.
B) Convert the legacy partition table to UEFI and repair the operating system is not correct. Converting the partition table means changing from MBR to GPT, which is a prerequisite for UEFI booting, but by itself it does not turn on secure boot: that also depends on the firmware setting and on the operating system's signed boot loader. Repairing the operating system may fix boot problems caused by the conversion, but it does not enable secure boot either.
D) Reconfigure the system's MBR and enable NTFS is not correct. MBR (Master Boot Record) is the legacy partitioning scheme that stores the partition table and boot loader, and NTFS (New Technology File System) is a file system that supports encryption, compression and access control. Neither relates to UEFI or secure boot; moreover, UEFI requires GPT (GUID Partition Table) rather than MBR3.
1: What Is Secure Boot? 2: How to Enable Secure Boot 3: MBR vs GPT: Which One Is Better for You? [UEFI vs Legacy BIOS - The Ultimate Comparison Guide]
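Enabling the setting is only half the task; the check a practitioner wants afterwards is whether the firmware is actually enforcing signatures. The following is an added example, not exam material: it reads the two one-byte EFI variables a Linux kernel exposes through efivarfs, SecureBoot (policy on or off) and SetupMode (1 while no Platform Key is enrolled, in which case nothing is enforced even if SecureBoot reads 1). The efivarfs path and GUID are the standard ones; the sample byte strings are constructed.

```python
"""Checking whether Secure Boot is actually enforcing on a Linux host.

Added example for the question above, not part of the exam material. The
firmware exposes two one-byte EFI variables: SecureBoot (policy on/off) and
SetupMode (1 while no Platform Key is enrolled, in which case nothing is
enforced even if SecureBoot reads 1). The efivarfs path and GUID are the
standard ones; the sample bytes in the docstring are constructed.
"""
import os

EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"


def decode_state(secure_boot_var, setup_mode_var=None):
    """Classify raw efivarfs contents: 4 attribute bytes, then the data byte.

    decode_state(b"\\x07\\x00\\x00\\x00\\x01", b"\\x07\\x00\\x00\\x00\\x00") -> "enabled"
    """
    if secure_boot_var is None:
        return "unsupported"            # no UEFI runtime variables: legacy/CSM boot
    if len(secure_boot_var) < 5:
        raise ValueError("SecureBoot variable too short")
    secure_boot = secure_boot_var[4]
    setup_mode = setup_mode_var[4] if setup_mode_var and len(setup_mode_var) >= 5 else 0
    if secure_boot == 1 and setup_mode == 1:
        return "setup-mode"             # policy flag set but no keys enrolled: not enforcing
    return "enabled" if secure_boot == 1 else "disabled"


def read_var(name, efivars=EFIVARS):
    """Raw contents of an EFI global variable, or None when it does not exist."""
    path = os.path.join(efivars, f"{name}-{EFI_GLOBAL_VARIABLE_GUID}")
    try:
        with open(path, "rb") as f:
            return f.read()
    except FileNotFoundError:
        return None


def secure_boot_state(efivars=EFIVARS):
    """'enabled', 'disabled', 'setup-mode' or 'unsupported' for the running host."""
    return decode_state(read_var("SecureBoot", efivars), read_var("SetupMode", efivars))


if __name__ == "__main__":
    print(secure_boot_state())
```

Only "enabled" means the boot chain is being verified; "setup-mode" is the state a freshly cleared firmware reports and is as good as off. `mokutil --sb-state` on Linux and `Confirm-SecureBootUEFI` in Windows PowerShell read the same variables.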
NEW QUESTION # 137
A code review reveals a web application is using time-based cookies for session management. This is a security concern because time-based cookies are easy to:
- A. parameterize.
- B. decrypt.
- C. decode.
- D. guess.
Answer: D
Explanation:
A session identifier derived from a timestamp has only as much entropy as the attacker's uncertainty about when the session started, so it can be predicted or brute-forced within a small window. Encoding or hashing the value does not change that search space, which is why guessability, not decodability, is the concern; session tokens should come from a cryptographically secure random generator.
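The difference between "decode" and "guess" in code, as an added example (not exam material): a hashed time-based token cannot be decoded, yet an attacker who knows roughly when the victim logged in recovers it by enumerating a few seconds of timestamps, while a CSPRNG token has no such structure. The token format, timestamps and attack window are constructed for the demonstration.

```python
"""Why a time-based session ID is guessable, not decodable.

Added example for the question above, not exam material. The token format,
timestamps and attack window are constructed for the demonstration.
"""
import hashlib
import secrets


def weak_session_id(login_time_ms):
    """Vulnerable pattern: the only entropy is a millisecond timestamp.

    Hashing makes the value look random and undecodable, but the input space
    an attacker has to search is the login-time window, not 2^256.
    """
    return hashlib.sha256(str(login_time_ms).encode()).hexdigest()


def guess_weak_session_id(target, approx_login_ms, window_ms=5000):
    """Attacker knows roughly when the victim logged in (a log line, a
    'last seen' field, a timestamped post) and enumerates every millisecond
    around it: at most 2*window_ms + 1 hashes. Returns the recovered
    timestamp, or None if the login was outside the window."""
    for t in range(approx_login_ms - window_ms, approx_login_ms + window_ms + 1):
        if weak_session_id(t) == target:
            return t
    return None


def strong_session_id():
    """Hardened: 256 bits from the OS CSPRNG, unrelated to time or user data."""
    return secrets.token_urlsafe(32)
```

A five-second window is about ten thousand SHA-256 computations, well under a millisecond of attacker effort; the same enumeration against strong_session_id() has no timestamp to enumerate.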
NEW QUESTION # 138
A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities (the intelligence table referenced by the question is not reproduced on this page):
In which of the following phases is this APT MOST likely to leave discoverable artifacts?
- A. Data collection/exfiltration
- B. Defensive evasion
- C. Lateral movement
- D. Reconnaissance
Answer: A
NEW QUESTION # 139
A cybersecurity professional typed in a URL and discovered the admin panel for the e-commerce application is accessible over the open web with the default password.
Which of the following is the MOST secure solution to remediate this vulnerability?
- A. Change the username and default password, whitelist specific source IP addresses, and require two-factor authentication.
- B. Rename the URL to a more obscure name, whitelist all corporate IP blocks, and require two-factor authentication.
- C. Whitelist all corporate IP blocks, require an alphanumeric passphrase for the default password, and require two-factor authentication.
- D. Change the default password, whitelist specific source IP addresses, and require two-factor authentication.
Answer: A
NEW QUESTION # 140
An organization is required to be able to consume multiple threat feeds simultaneously and to provide actionable intelligence to various teams. The organization would also like to be able to leverage the intelligence to enrich security event data. Which of the following functions would most likely help the security analyst meet the organization's requirements?
- A. Detection and monitoring
- B. Incident response
- C. Vulnerability management
- D. Risk management
Answer: A
Explanation:
The correct answer is A. Detection and monitoring. Detection and monitoring is the function that collects, analyzes, and correlates data from various sources, such as threat feeds, logs, alerts, and events, to identify and respond to potential or ongoing threats. It is where multiple threat feeds are consumed simultaneously and turned into actionable intelligence for security operations center (SOC) analysts, incident responders, and threat hunters, and where that intelligence is used to enrich security event data by adding context, severity, or priority to events1.
B) Incident response is not correct. Incident response prepares for, detects, contains, analyzes, and recovers from security incidents that compromise the confidentiality, integrity, or availability of the organization's assets or operations. It minimizes damage and restores normal operations, but it does not directly involve consuming multiple threat feeds or providing actionable intelligence to various teams.
C) Vulnerability management is not correct. Vulnerability management identifies, assesses, and mitigates weaknesses in systems, applications, or networks that attackers could exploit. It reduces the attack surface, but it does not directly involve consuming multiple threat feeds or providing actionable intelligence to various teams.
D) Risk management is not correct. Risk management identifies, analyzes, and evaluates the risks that could affect the organization's assets, operations, or objectives so that appropriate controls can be prioritized and implemented. It does not directly involve consuming multiple threat feeds or providing actionable intelligence to various teams.
1: Cybersecurity Analyst+ - CompTIA
NEW QUESTION # 141
A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?
- A. Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information.
- B. Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443.
- C. Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried.
- D. Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested.
Answer: A
Explanation:
Searching existing DNS logs is entirely passive: nothing changes on the network, so an actor already inside sees no difference. A sinkhole (C) or an IPS block (D) alters the attacker's traffic and can tip them off that they have been noticed. Resolving the domains and searching firewall logs (B) misses connections to any address the domains resolved to in the past, and the resolution itself is a query the attacker's authoritative DNS server can observe.
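The two preceding questions describe the same pipeline from different ends: consuming several feeds and enriching events with them (question 140), then running the enriched DNS data to find hosts that resolved the exfiltration domains (question 141). The following is an added example of both, not exam material or any vendor's code. The feeds, their formats, the BIND-style query log lines and the indicator values are all constructed for the demonstration; only suffix matches at a label boundary count, so a look-alike domain that merely contains the indicator string does not match.

```python
"""Threat-feed normalisation, DNS-log enrichment and a passive hunt.

Added example for questions 140 and 141 above; not exam material. The feeds,
log lines and indicators are constructed; the log format assumed is the
BIND querylog style "client IP#port: query: NAME IN TYPE".
"""
import csv
import io
import json

# Constructed sample feeds: the same kind of indicator arrives in different
# shapes from different providers.
FEED_A_CSV = """indicator,type,confidence
exfil-cdn.example,domain,high
203.0.113.45,ipv4,medium
"""
FEED_B_JSON = json.dumps([
    {"value": "upload.example.net", "kind": "fqdn", "score": 90},
    {"value": "exfil-cdn.example", "kind": "fqdn", "score": 70},
])

# Constructed DNS query log.
DNS_LOG = """\
client 10.0.0.25#53211: query: upload.example.net IN A
client 10.0.0.31#40122: query: www.example.org IN A
client 10.0.0.25#53212: query: cdn.exfil-cdn.example IN AAAA
client 10.0.0.40#61001: query: exfil-cdn.example.evil-lookalike.test IN A
"""


def normalise_feed_a(text):
    """CSV feed with word confidences -> common indicator dicts."""
    for row in csv.DictReader(io.StringIO(text)):
        yield {"value": row["indicator"].lower(), "type": row["type"],
               "confidence": {"low": 30, "medium": 60, "high": 90}[row["confidence"]],
               "source": "feed-a"}


def normalise_feed_b(text):
    """JSON feed with numeric scores and its own type names -> common indicator dicts."""
    for item in json.loads(text):
        yield {"value": item["value"].lower(),
               "type": "domain" if item["kind"] == "fqdn" else item["kind"],
               "confidence": item["score"], "source": "feed-b"}


def build_intel(*feeds):
    """Merge normalised feeds into one lookup: indicator value -> list of sightings."""
    intel = {}
    for feed in feeds:
        for indicator in feed:
            intel.setdefault(indicator["value"], []).append(indicator)
    return intel


def parse_dns_log(text):
    """Minimal parser for the assumed querylog lines: client address and queried name."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client = line.split("client ", 1)[1].split("#", 1)[0]
        qname = line.split("query: ", 1)[1].split()[0].lower().rstrip(".")
        events.append({"client": client, "qname": qname})
    return events


def match_domain(qname, intel):
    """Match the name or any parent at a label boundary (cdn.exfil-cdn.example hits
    exfil-cdn.example); a look-alike that only contains the string does not match."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in intel:
            return candidate, intel[candidate]
    return None, []


def enrich(events, intel):
    """Attach indicator, contributing feeds and best confidence to matching events."""
    out = []
    for event in events:
        hit, sightings = match_domain(event["qname"], intel)
        event = dict(event)
        if hit:
            event["intel"] = {"indicator": hit,
                              "sources": sorted({s["source"] for s in sightings}),
                              "confidence": max(s["confidence"] for s in sightings)}
        out.append(event)
    return out


def affected_hosts(enriched):
    """Question 141's answer: internal hosts that resolved any of the exfil domains."""
    return sorted({e["client"] for e in enriched if "intel" in e})


def run_hunt(log_text=DNS_LOG):
    """Consume both feeds, enrich the log, return the enriched events (read-only: no blocking)."""
    intel = build_intel(normalise_feed_a(FEED_A_CSV), normalise_feed_b(FEED_B_JSON))
    return enrich(parse_dns_log(log_text), intel)
```

Nothing here touches the resolver, the firewall or an IPS: run_hunt() only reads logs already collected, which is what keeps the check invisible to the actor. In a SIEM the same enrichment is a lookup table joined on the query name, and affected_hosts() is the saved search that becomes the alert.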
NEW QUESTION # 142
A small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control?
- A. Detective
- B. Deterrent
- C. Compensating
- D. Preventive
Answer: C
Explanation:
The primary control, segregation of duties, cannot be implemented with the staff available, so the quarterly review in which a different officer compares the cleared checks against the ledger is a compensating control: an alternative that provides comparable assurance against fraud. Its mechanism is detective, but the question asks what role the control plays relative to the missing primary control.
NEW QUESTION # 143
An organization is attempting to harden its web servers and reduce the information that might be disclosed by potential attackers. A security analyst is reviewing vulnerability scan results from a recent web server scan.
Portions of the scan results are shown below (the scan output referenced by the question is not reproduced on this page; the candidate lines are the answer options):
Which of the following lines indicates information disclosure about the host that needs to be remediated?
- A. Access Path: http://myOrg.com/mailingList.htm
- B. Finding#5144322
- C. First Time Detected 10 Nov 2015 09:00 GMT-0600
- D. Request: GET http://myOrg.com/mailingList.aspx?content=volunteer
- E. Response: :\Documents\MarySmith\mailingList.pdf
Answer: E
Explanation:
The response line echoes an absolute local filesystem path (a drive-rooted Documents folder belonging to a named user), which reveals the server's directory layout and a user name to anyone who triggers the error. The finding number and first-detected time are scanner metadata, and the access path and request are the public URL the scanner itself sent.
NEW QUESTION # 144
A software patch has been released to remove vulnerabilities from company's software.
A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly.
Which of the following tests should be performed NEXT?
- A. User acceptance testing
- B. Penetration testing
- C. Regression testing
- D. Fuzzing
Answer: C
Explanation:
Regression testing verifies that the patch removed the reported vulnerabilities without breaking functionality that worked before. User acceptance testing, penetration testing and fuzzing each answer a different question and come later or earlier in the cycle.
NEW QUESTION # 145
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period (the query results referenced by the question are not reproduced on this page):
To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and __________.
- A. DST 138.10.2.5.
- B. DST 172.10.45.5.
- C. DST 138.10.25.5.
- D. DST 172.10.3.5.
- E. DST 175.35.20.5.
Answer: D
NEW QUESTION # 146
A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?
- A. Review syslogs from critical servers.
- B. Perform fuzzing.
- C. Install a WAF in front of the application server.
- D. Review the firewall logs.
Answer: A
Explanation:
Slow responses combined with frequent account lockouts point to repeated failed authentication, most likely a brute-force or credential-stuffing attempt against the application server. The syslogs of the two critical servers record the failed logons, their sources and timing, which is the next investigative step; firewall logs then confirm the origin of the traffic. Fuzzing is a testing technique, not an investigation of an availability problem, and deploying a WAF is a remediation chosen after the cause is known.
NEW QUESTION # 147
A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine The up-to-date antivirus cannot detect the malicious executable Which of the following is the MOST likely cause of this issue?
- A. The malware is being executed with administrative privileges.
- B. The antivirus does not have the malware's signature.
- C. The malware is fileless and exists only in physical memory.
- D. The malware detects and prevents its own execution in a virtual environment.
Answer: C
Explanation:
The executable is well known and the antivirus is up to date, so a missing signature is unlikely. A file-based scanner only inspects what is written to disk; fileless malware is loaded and run from memory (for example through a script host or process injection), so the SIEM sees the process while the antivirus has nothing on disk to match. Administrative privileges alone do not hide a known executable, and sandbox evasion would make the malware stop running, not run undetected.
NEW QUESTION # 148
An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below (the log referenced by the question is not reproduced on this page).
Which of the following conclusions is supported by the application log?
- A. An attacker was attempting to download files via a remote command execution vulnerability
- B. An attacker was attempting to perform a buffer overflow attack to execute a payload in memory.
- C. An attacker was attempting to perform an XSS attack via a vulnerable third-party library.
- D. An attacker was attempting to perform a DoS attack against the server.
Answer: A
Explanation:
The log shows /bin/bash being invoked through the application, which is consistent with a reverse shell obtained through remote command execution, followed by commands that download additional files.