Free Access CompTIA.CS0-002.v2024-10-25.q354 Practice Test (Page 46)

Question 221

Some hard disks need to be taken as evidence for further analysis during an incident response Which of the following procedures must be completed FIRST for this type of evtdertce acquisition?

A.Extract the hard drives from the compromised machines and then plug them into a forensics machine to apply encryption over the stored data to protect it from non-authorized access

B.Build the chain-of-custody document, noting the media model senal number size vendor, date, and time of acquisition

C.Execute the command #dd if=/dev/ada of=/dev/adc ba=5i2 to clone the evidence data to external media to prevent any further change

D.Perform a disk sanitation using the command 8dd if=/deT/zero of=/deT/adc ba=iM over the media that wil receive a copy of the coHected data

Question 222

A large software company wants to move «s source control and deployment pipelines into a cloud-computing environment. Due to the nature of the business management determines the recovery time objective needs to be within one hour. Which of the following strategies would put the company in the BEST position to achieve the desired recovery time?

A.Set up every cloud component with duplicated copies and auto scaling turned on

B.Configure a duplicate environment in the same region and load balance between both instances

C.Establish an alternate site with active replication to other regions

D.Create a duplicate copy on premises that can be used for failover in a disaster situation

Question 223

A network attack that is exploiting a vulnerability in the SNMP is detected.
Which of the following should the cybersecurity analyst do FIRST?

A.Apply the required patches to remediate the vulnerability.

B.Escalate the incident to senior management for guidance.

C.Disable all privileged user accounts on the network.

D.Temporarily block the attacking IP address.

Question 224

Given the following output from a Linux machine:
file2cable *i eth0 -f file.pcap
Which of the following BEST describes what a security analyst is trying to accomplish?

A.The analyst is attempting to replay captured data from a PCAP file.

B.The analyst is attempting to capture traffic for a PCAP file.

C.The analyst is attempting to capture traffic on interface eth0.

D.The analyst is attempting to use a protocol analyzer to monitor network traffic.

E.The analyst is attempting to measure bandwidth utilization on interface eth0.

Question 225

An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:

Which of the following should be the focus of the investigation?

A.sftp.org-dmz.org

B.ftps.bluemed.net

C.83hht23.org-int.org

D.webserver.org-dmz.org

Other Version: 2996CompTIA.CS0-002.v2025-03-13.q112; 1521CompTIA.CS0-002.v2024-09-17.q264; 1730CuramSoftware.CS0-002.v2024-02-05.q218; 2919CuramSoftware.CS0-002.v2023-02-13.q163; 5099CuramSoftware.CS0-002.v2022-08-26.q256; 120Curam-Software.Prepawaytest.CS0-002.v2022-02-03.by.kelly.205q.pdf; 15499CuramSoftware.CS0-002.v2022-01-17.q285

Latest Upload: 264PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 378Nokia.4A0-113.v2026-05-01.q69; 410EC-COUNCIL.312-49v11.v2026-04-30.q214; 328Microsoft.MB-820.v2026-04-30.q101; 256Salesforce.MC-202.v2026-04-30.q57; 301BICSI.INSTC_V8.v2026-04-29.q53; 428NMLS.MLO.v2026-04-28.q82; 286NCARB.Project-Management.v2026-04-28.q27; 509EMC.D-AV-DY-23.v2026-04-27.q184; 1341ServiceNow.CSA.v2026-04-27.q483

Question 221

Question 222

Question 223

Question 224

Question 225

Download PDF File