Free Access CompTIA.CS0-002.v2024-10-25.q354 Practice Test (Page 22)

Question 101

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

A.Security regression testing

B.Code review

C.User acceptance testing

D.Stress testing

Question 102

A company's application development has been outsourced to a third-party development team. Based on the SLA.
The development team must follow industry best practices for secure coding.
Which of the following is the BEST way to verify this agreement?

A.Input validation

B.Security regression testing

C.Application fuzzing

D.User acceptance testing

E.Stress testing

Correct Answer: B

Detailed Security regression testing is a type of testing that verifies that the security features and functionality of an application are not compromised or broken by any changes or updates in the code2. Security regression testing can help to ensure that the application follows industry best practices for secure coding and does not introduce any new vulnerabilities or weaknesses. Security regression testing can be performed manually or automatically using tools or scripts that check for common security flaws and compliance with security standards. Security regression testing can also help to validate the error-handling capabilities of an application by testing how it responds to different types of inputs and scenarios. Input validation (A) is a technique that checks whether the inputs to an application are valid and expected before processing them3. Input validation can help to prevent some types of security attacks, such as injection attacks or buffer overflows, but it is not a way to verify that an application follows industry best practices for secure coding. Input validation is part of secure coding, not a way to test it. Application fuzzing is a technique that tests an application by sending random or malformed inputs to it and observing its behavior4. Application fuzzing can help to discover some types of security vulnerabilities, such as memory leaks or crashes, but it is not a comprehensive way to verify that an application follows industry best practices for secure coding. Application fuzzing may not cover all possible inputs and scenarios and may not check for compliance with security standards. User acceptance testing (D) is a technique that tests an application by involving end users or customers in evaluating its functionality and usability. User acceptance testing can help to ensure that an application meets the user requirements and expectations, but it is not a reliable way to verify that an application follows industry best practices for secure coding. User acceptance testing may not focus on security aspects and may not detect subtle or hidden security flaws. Stress testing (E) is a technique that tests an application by subjecting it to high levels of load or demand. Stress testing can help to evaluate the performance and reliability of an application under extreme conditions, but it is not a relevant way to verify that an application follows industry best practices for secure coding. Stress testing does not check for security issues and may not reflect normal usage patterns.

Question 103

While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:

The analyst accesses the server console, and the following console messages are displayed:

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

Which of the following is the BEST step for the analyst to lake next in this situation?

A.Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.

B.Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.

C.After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.

D.Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server

Question 104

A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

A.Server1

B.Firewall

C.PC2

D.PC1

E.Server2

Question 105

During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect.
Which of the following is the BEST place to acquire evidence to perform data carving?

A.The system memory

B.The hard drive

C.Network packets

D.The Windows Registry

Other Version: 2914CompTIA.CS0-002.v2025-03-13.q112; 1416CompTIA.CS0-002.v2024-09-17.q264; 1663CuramSoftware.CS0-002.v2024-02-05.q218; 2846CuramSoftware.CS0-002.v2023-02-13.q163; 5026CuramSoftware.CS0-002.v2022-08-26.q256; 120Curam-Software.Prepawaytest.CS0-002.v2022-02-03.by.kelly.205q.pdf; 15389CuramSoftware.CS0-002.v2022-01-17.q285

Latest Upload: 202PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 299Nokia.4A0-113.v2026-05-01.q69; 255EC-COUNCIL.312-49v11.v2026-04-30.q214; 228Microsoft.MB-820.v2026-04-30.q101; 211Salesforce.MC-202.v2026-04-30.q57; 206BICSI.INSTC_V8.v2026-04-29.q53; 335NMLS.MLO.v2026-04-28.q82; 243NCARB.Project-Management.v2026-04-28.q27; 463EMC.D-AV-DY-23.v2026-04-27.q184; 1117ServiceNow.CSA.v2026-04-27.q483

Question 101

Question 102

Question 103

Question 104

Question 105

Download PDF File