CompTIA Updated CS0-002 Exam Questions and Answers by gaia

Resource exhaustion occurs when a system runs out of resources such as memory, CPU, disk space, or network bandwidth due to excessive demand or poor management1. In this case, the server statistics show that the CPU usage is 100%, the memory usage is 99%, and the disk usage is 98%, indicating that the system is suffering from resource exhaustion. This can affect the performance and availability of the system and its applications. A race condition (A) is a condition where the system’s behavior depends on the sequence or timing of other uncontrollable events2. Privilege escalation (B) is a situation where an attacker gains unauthorized access to higher privileges or permissions on a system3. VM escape (D) is a technique where an attacker breaks out of a virtual machine and interacts with the host operating system.

References: 1: https://www.techopedia.com/definition/31686/resource-exhaustion  2: https://en.wikipedia.org/wiki/Race_condition  3: https://www.techopedia.com/definition/4111/privilege-escalation : https://www.techopedia.com/definition/32088/vm-escape

 IPS and SIEM are technologies that can help secure sensitive data on critical networks by implementing controls to mitigate APTs. IPS stands for Intrusion Prevention System, and it is a device or software that monitors network traffic and blocks or prevents malicious packets or activities based on predefined rules or signatures. IPS can help detect and stop APTs that may try to exploit vulnerabilities or bypass security controls on critical networks. SIEM stands for Security Information and Event Management, and it is a system that collects, correlates, analyzes, and reports security data from various sources, such as logs, alerts, events, etc. SIEM can help identify and respond to APTs that may exhibit anomalous or suspicious behavior patterns on critical networks.

The hosts file is a text file that maps hostnames to IP addresses, and it can be used to override DNS resolution. The hosts file entries that should be used for further investigation are the ones that point to external or suspicious IP addresses, such as 198.51.100.5, which is a reserved IP address for documentation purposes. The other entries are either loopback addresses (::1 and 127.0.0.1) or internal network addresses (192.168.3.249), which are less likely to be malicious.

Deidentifying a data subject means removing or obscuring any data that can be used to identify, locate, or contact an individual, such as names, addresses, phone numbers, email addresses, social security numbers, etc. Deidentifying a data subject throughout the organization’s applications can help comply with the new regulation that requires only retaining the minimum amount of data on a person to perform the organization’s necessary activities.