Free CompTIA CS0-002 Exam Dumps and CS0-002 Exam Questions

Question No: 1

MultipleChoice

A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server.

Which of the following is the FIRST step the analyst should take?

Options

ACreate a full disk image of the server's hard drive to look for the file containing the malware.

BRun a manual antivirus scan on the machine to look for known malicious software.

CTake a memory snapshot of the machine to capture volatile information stored in memory.

DStart packet capturing to look for traffic that could be indicative of command and control from the miner.

Question No: 2

MultipleChoice

A cybersecurity analyst is contributing to a team hunt on an organization's endpoints.

Which of the following should the analyst do FIRST?

Options

AWrite detection logic.

BEstablish a hypothesis.

CProfile the threat actors and activities.

DPerform a process analysis.

Question No: 3

MultipleChoice

A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.

Which of the following BEST describes this attack?

Options

AInjection attack

BMemory corruption

CDenial of service

DArray attack

Question No: 4

MultipleChoice

A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor's labs.

Which of the following is the main concern a security analyst should have with this arrangement?

Options

AMaking multiple trips between development sites increases the chance of physical damage to the FPGAs.

BMoving the FPGAs between development sites will lessen the time that is available for security testing.

CDevelopment phases occurring at multiple sites may produce change management issues.

DFPGA applications are easily cloned, increasing the possibility of intellectual property theft.

Question No: 5

MultipleChoice

A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

Options

AICMP is being blocked by a firewall.

BThe routing tables for ping and hping3 were different.

CThe original ping command needed root permission to execute.

Dhping3 is returning a false positive.

Question No: 6

MultipleChoice

An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.

Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?

Options

AFaaS

BRTOS

CSoC

DGPS

ECAN bus

Question No: 7

MultipleChoice

An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply.

Which of the following would BEST identify potential indicators of compromise?

Options

AUse Burp Suite to capture packets to the SCADA device's IP.

BUse tcpdump to capture packets from the SCADA device IP.

CUse Wireshark to capture packets between SCADA devices and the management system.

DUse Nmap to capture packets from the management system to the SCADA devices.

Question No: 8

MultipleChoice

Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?

Options

AHuman resources

BPublic relations

CMarketing

DInternal network operations center

Question No: 9

MultipleChoice

An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization's production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability.

Which of the following would be the MOST appropriate to remediate the controller?

Options

ASegment the network to constrain access to administrative interfaces.

BReplace the equipment that has third-party support.

CRemove the legacy hardware from the network.

DInstall an IDS on the network between the switch and the legacy equipment.

Question No: 10

MultipleChoice

A security manager has asked an analyst to provide feedback on the results of a penetration lest. After reviewing the results the manager requests information regarding the possible exploitation of vulnerabilities Much of the following information data points would be MOST useful for the analyst to provide to the security manager who would then communicate the risk factors to senior management? (Select TWO)

Options

AProbability

BAdversary capability

CAttack vector

DImpact

EClassification

FIndicators of compromise