Free Access CompTIA.CS0-002.v2025-03-13.q112 Practice Test (Page 21)

Question 96

During a review of SIEM alerts, a securrty analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring toot about files from a newly deployed application that should not change. Which of the following steps should the analyst complete FIRST to respond to the issue7

A.Warn the incident response team that the server can be compromised

B.Open a ticket informing the development team about the alerts

C.Check if temporary files are being monitored

D.Dismiss the alert, as the new application is still being adapted to the environment

Question 97

Which of the following is a vulnerability that is specific to hypervisors?

A.DDoS

B.Weak encryption

C.VLAN hopping

D.WMescape

Question 98

A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:

Which of the following describes the output of this scan?

A.The analyst has discovered a False Positive, and the status code is incorrect providing an OK message.

B.The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.

C.The analyst has discovered a False Positive, and the status code is incorrect providing a server error message.

D.The analyst has discovered a True Positive, and the status code is incorrect providing a forbidden message.

Question 99

When reviewing a compromised authentication server, a security analyst discovers the following hidden file:

Further analysis shows these users never logged in to the server. Which of the following types of attacks was used to obtain the file and what should the analyst recommend to prevent this type of attack from reoccurring?

A.A rogue LDAP server is installed on the system and is connecting passwords. The analyst should recommend wiping and reinstalling the server.

B.A rainbow tables attack was used to compromise the accounts. The analyst should recommend that future password hashes contains a salt.

C.A phishing attack was used to compromise the account. The analyst should recommend users install endpoint protection to disable phishing links.

D.A password spraying attack was used to compromise the passwords. The analyst should recommend that all users receive a unique password.

Question 100

A security analyst is investigate an no client related to an alert from the threat detection platform on a host (10.0 1.25) in a staging environment that could be running a cryptomining tool because it in sending traffic to an IP address that are related to Bitcoin.
The network rules for the instance are the following:

Which of the following is the BEST way to isolate and triage the host?

A.Remove rules 1.2. and 5.

B.Remove rules 1.4. and 5.

C.Remove rules 1.2. 3.4. and 5.

D.Remove rules 4 and 5

E.Remove rules 1.2. 4. and 5.

F.Remove rules 1.2. and 3.

Other Version: 2795CompTIA.CS0-002.v2024-10-25.q354; 644CompTIA.CS0-002.v2024-09-17.q264; 883CuramSoftware.CS0-002.v2024-02-05.q218; 2352CuramSoftware.CS0-002.v2023-02-13.q163; 4396CuramSoftware.CS0-002.v2022-08-26.q256; 120Curam-Software.Prepawaytest.CS0-002.v2022-02-03.by.kelly.205q.pdf; 14454CuramSoftware.CS0-002.v2022-01-17.q285

Latest Upload: 129Fortinet.NSE8_812.v2025-10-22.q86; 139HP.HPE2-B04.v2025-10-21.q38; 116Oracle.1Z0-1160-1.v2025-10-21.q18; 136GitHub.GitHub-Advanced-Security.v2025-10-21.q27; 134Oracle.1Z0-084.v2025-10-21.q31; 329CuramSoftware.CS0-003.v2025-10-18.q211; 197GAQM.Databricks-Certified-Data-Engineer-Associate.v2025-10-18.q113; 203SAP.C-C4HCX-2405.v2025-10-17.q85; 266Huawei.H12-831_V1.0.v2025-10-16.q126; 193SAP.C-THR70-2411.v2025-10-16.q55

Question 96

Question 97

Question 98

Question 99

Question 100

Download PDF File