Free Access CuramSoftware.CS0-002.v2022-01-17.q285 Practice Test (Page 51)

Question 246

A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week. Which of the following will enable the analyst to obtain the BEST results?

A.npcapd internet.pcap | grep <suspicious ip>

B.grep -a <suspicious ip> internet.pcap

C.strings internet.pcap | grep <suspicious ip>

D.tcpdump-n-rinternet.pcaphost<suspicious ip>

Question 247

A SIEM alert occurs with the following output:

Which of the following BEST describes this alert?

A.The alert is valid because IP spoofing may be occurring on the network

B.The alert is a false positive; both NICs are of the same brand

C.The alert is a false positive; there is a device with dual NICs

D.The alert is valid because there may be a rogue device on the network

Question 248

A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:

Based on the output, which of the following services should be further tested for vulnerabilities?

A.SSH

B.HTTP

C.HTTPS

D.SMB

Question 249

In the development stage of the incident response policy, the security analyst needs to determine the stakeholders for the policy. Who of the following would be the policy stakeholders?

A.Chief information Officer (CIO), Chief Executive Officer, board of directors, stockholders

B.Human resources, legal, public relations, management

C.IT, human resources, security administrator, finance

D.Public information officer, human resources, audit, customer service

Question 250

A technician at a company's retail store notifies an analyst that disk space is being consumed at a rapid rate on several registers. The uplink back to the corporate office is also saturated frequently. The retail location has no Internet access. An analyst then observes several occasional IPS alerts indicating a server at corporate has been communicating with an address on a watchlist. Netflow data shows large quantities of data transferred at those times.
Which of the following is MOST likely causing the issue?

A.A penetration test is being run against the registers from the IP address indicated on the watchlist, generating large amounts of traffic and data storage.

B.Malware on a register is scraping credit card data and staging it on a server at the corporate office before uploading it to an attacker-controlled command and control server.

C.Ransomware on the corporate network has propagated from the corporate network to the registers and has begun encrypting files there.

D.A credit card processing file was declined by the card processor and caused transaction logs on the registers to accumulate longer than usual.

Other Version: 1018CompTIA.CS0-002.v2025-03-13.q112; 2451CompTIA.CS0-002.v2024-10-25.q354; 623CompTIA.CS0-002.v2024-09-17.q264; 858CuramSoftware.CS0-002.v2024-02-05.q218; 2248CuramSoftware.CS0-002.v2023-02-13.q163; 4208CuramSoftware.CS0-002.v2022-08-26.q256; 120Curam-Software.Prepawaytest.CS0-002.v2022-02-03.by.kelly.205q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 150Salesforce.Data-Architect.v2025-09-05.q216; 144Adobe.AD0-E605.v2025-09-05.q50

Question 246

Question 247

Question 248

Question 249

Question 250

Download PDF File