Free Access CuramSoftware.CS0-002.v2022-01-17.q285 Practice Test (Page 44)

Question 211

A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

A.Data is being exfiltrated over DNS.

B.The system is running a DoS attack against ajgidwle.com.

C.Malware is attempting to beacon to 128.50.100.3.

D.The system is scanning ajgidwle.com for PII.

Question 212

A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached.
Which of the following is the NEXT step the analyst should take to address the issue?

A.Audit access permissions for all employees to ensure least privilege.

B.Force a password reset for the impacted employees and revoke any tokens.

C.Configure SSO to prevent passwords from going outside the local network.

D.Set up privileged access management to ensure auditing is enabled.

Question 213

A company's blocklist has outgrown the current technologies in place. The ACLS are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures.
Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?

A.Create an IDS for the current blocklist to determine which domains are showing activity and may need to be removed.

B.Review the current blocklist to determine which domains can be removed from the list and then update the ACLs and IPS signatures.

C.Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity to the blocklist and remove the lower-severity threats from it.

D.Implement a host-file based solution that will use a list of all domains to deny for all machines on the network

Question 214

An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port.
Which of the following should the analyst use?

A.Wireshark

B.netstat

C.nmap

D.Qualys

E.ping

Question 215

Which of the following is a switch attack?

A.CSRF

B.Inference

C.MAC overflow

D.XSS

Other Version: 1018CompTIA.CS0-002.v2025-03-13.q112; 2451CompTIA.CS0-002.v2024-10-25.q354; 623CompTIA.CS0-002.v2024-09-17.q264; 858CuramSoftware.CS0-002.v2024-02-05.q218; 2256CuramSoftware.CS0-002.v2023-02-13.q163; 4222CuramSoftware.CS0-002.v2022-08-26.q256; 120Curam-Software.Prepawaytest.CS0-002.v2022-02-03.by.kelly.205q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 151Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 172PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 151Salesforce.Data-Architect.v2025-09-05.q216; 145Adobe.AD0-E605.v2025-09-05.q50

Question 211

Question 212

Question 213

Question 214

Question 215

Download PDF File