
CS0-002 CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Questions 4

A security analyst notices the following entry while reviewing the server logs:

OR 1=1' ADD USER attacker' PW 1337password' ----

Which of the following events occurred?

Options:

A.

CSRF

B.

XSS

C.

SQLi

D.

RCE

Questions 5

An organization recently discovered that spreadsheet files containing sensitive financial data were improperly stored on a web server. The management team wants to find out if any of these files were downloaded by public users accessing the server. The results should be written to a text file and should include the date, time, and IP address associated with any spreadsheet downloads. The web server's log file is named webserver.log, and the report file name should be accessreport.txt. Following is a sample of the webserver.log file:

2017-0-12 21:01:12 GET /index.htlm - @4..102.33.7 - return=200 1622

Which of the following commands should be run if an analyst only wants to include entries in which a spreadsheet was successfully downloaded?

Options:

A.

more webserver.log | grep *.xls > accessreport.txt

B.

more webserver.log > grep ''xls > egrep -E 'success' > accessreport.txt

C.

more webserver.log | grep -E 'return=200' | accessreport.txt

D.

more webserver.log | grep -A *.xls < accessreport.txt
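The four options above all try to do the same job with varying correctness, and none of them actually pulls out the date, time and IP the report needs. Below is an added example, not from the page, showing a working version of the filter: it keeps only GET requests for .xls/.xlsx files that returned 200 and prints the date, time and client IP for the report. The field layout is assumed from the single sample line in the question, and the log lines written by make_sample_log are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the page): report successful spreadsheet downloads.
# Assumed log layout, taken from the question's sample line:
#   DATE TIME METHOD PATH - CLIENT_IP - return=STATUS BYTES
# so awk fields are $1=date $2=time $3=method $4=path $6=client IP $8=return=STATUS

# Write a constructed webserver.log (sample data invented for this example).
make_sample_log() {
  cat > "$1" <<'EOF'
2017-03-12 21:01:12 GET /index.html - 94.102.33.7 - return=200 1622
2017-03-12 21:02:40 GET /finance/q1-budget.xls - 198.51.100.23 - return=200 48211
2017-03-12 21:03:05 GET /finance/payroll.xlsx - 203.0.113.9 - return=404 512
2017-03-12 21:04:17 GET /finance/forecast.XLSX - 203.0.113.9 - return=200 90112
2017-03-12 21:05:00 GET /about.html - 192.0.2.44 - return=200 2048
2017-03-12 21:06:31 HEAD /finance/q1-budget.xls - 198.51.100.23 - return=200 0
2017-03-12 21:07:02 GET /finance/q1-budget.xls - 198.51.100.23 - return=403 287
EOF
}

# Print "date time ip" for every successful (200) GET of a .xls/.xlsx file.
# The extension check is case-insensitive; HEAD requests and non-200 responses
# are excluded because they are not completed downloads. Fields are matched
# positionally so "return=200" is only accepted in the status field, not
# anywhere else on the line (for example inside a path).
# Rough grep equivalent of the first cut:
#   grep -iE ' GET [^ ]+\.xlsx? ' webserver.log | grep ' return=200 '
spreadsheet_downloads() {
  awk '$3 == "GET" && toupper($4) ~ /\.XLSX?$/ && $8 == "return=200" { print $1, $2, $6 }' "$1"
}

# Usage: spreadsheet_downloads webserver.log > accessreport.txt
```

The awk form is preferred over chained greps because each condition is tied to a specific field, so a 404 for a spreadsheet, a HEAD probe, or a path that merely contains "200" cannot leak into the report.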

Questions 6

Which of the following APT adversary archetypes represent non-nation-state threat actors? (Select TWO)

Options:

A.

Kitten

B.

Panda

C.

Tiger

D.

Jackal

E.

Bear

F.

Spider

Questions 7

Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance?

Options:

A.

Trusted firmware updates provide organizations with development, compilation, remote access, and customization for embedded devices.

B.

Trusted firmware updates provide organizations with security specifications, open-source libraries, and custom tools for embedded devices.

C.

Trusted firmware updates provide organizations with remote code execution, distribution, maintenance, and extended warranties for embedded devices

D.

Trusted firmware updates provide organizations with secure code signing, distribution, installation. and attestation for embedded devices.

Questions 8

The following output is from a tcpdump at the edge of the corporate network:

CS0-002 Question 8

Which of the following best describes the potential security concern?

Options:

A.

Payload lengths may be used to overflow buffers enabling code execution.

B.

Encapsulated traffic may evade security monitoring and defenses

C.

This traffic exhibits a reconnaissance technique to create network footprints.

D.

The content of the traffic payload may permit VLAN hopping.

Questions 9

Which of the following is the most effective approach to minimize the occurrence of vulnerabilities introduced by unintentional misconfigurations in the cloud?

Options:

A.

Requiring security training certification before granting access to staff

B.

Migrating all resources to a private cloud deployment

C.

Restricting changes to the deployment of validated IaC templates

D.

Reducing IaaS deployments by fostering serverless architectures

Questions 10

A security analyst is monitoring a company's network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the best way for the security analyst to respond?

Options:

A.

Report this activity as a false positive, as the activity is legitimate.

B.

Isolate the system and begin a forensic investigation to determine what was compromised.

C.

Recommend network segmentation to the management team as a way to secure the various environments.

D.

Implement host-based firewalls on all systems to prevent ping sweeps in the future.

Questions 11

An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

Options:

A.

SCADA

B.

CAN bus

C.

Modbus

D.

IoT

Questions 12

A security analyst is investigating a reported phishing attempt that was received by many users throughout the company. The text of one of the emails is shown below:

CS0-002 Question 12

Office 365 User,

It looks like your account has been locked out. Please click this link and follow the prompts to restore access.

Regards,

Security Team

Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but it does log network flow data. Which of the following commands will the analyst most likely execute NEXT?

Options:

A.

telnet office365.com 25

B.

tracert 122.167.40.119

C.

curl http://accountfix-office365.com/login.php

D.

nslookup accountfix-office365.com

Questions 13

Several operator workstations are exhibiting unusual behavior, including applications loading slowly, temporary files being overwritten, and reboot notifications to apply antivirus signatures. During an investigation, an analyst finds evidence of Bitcoin mining. Which of the following is the first step the analyst should take to prevent further spread of the mining operation?

Options:

A.

Reboot each host that is exhibiting the behaviors.

B.

Enable the host-based firewalls to prevent further activity.

C.

Quarantine all the impacted hosts for forensic analysis.

D.

Notify users to turn off all affected devices.

Questions 14

Which of the following is the BEST way to gather patch information on a specific server?

Options:

A.

Event Viewer

B.

Custom script

C.

SCAP software

D.

CI/CD

Questions 15

A security analyst is concerned the number of security incidents being reported has suddenly gone down. Daily business interactions have not changed. Which of the following should the analyst review FIRST?

Options:

A.

The DNS configuration

B.

Privileged accounts

C.

The IDS rule set

D.

The firewall ACL

Questions 16

A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst most likely executing?

Options:

A.

Requirements analysis and collection planning

B.

Containment and eradication

C.

Recovery and post-incident review

D.

Indicator enrichment and research pivoting

Questions 17

A security analyst is reviewing the following server statistics:

CS0-002 Question 17

Which of the following is MOST likely occurring?

Options:

A.

Race condition

B.

Privilege escalation

C.

Resource exhaustion

D.

VM escape

Questions 18

A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?

Options:

A.

Implement UEM on all systems and deploy security software.

B.

Implement DLP on all workstations and block company data from being sent outside the company.

C.

Implement a CASB and prevent certain types of data from being downloaded to a workstation.

D.

Implement centralized monitoring and logging for all company systems.

Questions 19

A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:

CS0-002 Question 19


Which of the following actions should the security analyst take NEXT?

Options:

A.

Review the known Apache vulnerabilities to determine if a compromise actually occurred

B.

Contact the application owner for connect.example.local for additional information.

C.

Mark the alert as a false positive scan coming from an approved source.

D.

Raise a request to the firewall team to block 203.0.113.15.

Questions 20

An analyst needs to understand how an attacker compromised a server. Which of the following procedures will best deliver the information that is necessary to reconstruct the steps taken by the attacker?

Options:

A.

Scan the affected system with an anti-malware tool and check for vulnerabilities with a vulnerability scanner.

B.

Extract the server's system timeline, verifying hashes and network connections during a certain time frame.

C.

Clone the entire system and deploy it in a network segment built for tests and investigations while monitoring the system during a certain time frame.

D.

Clone the server's hard disk and extract all the binary files, comparing hash signatures with malware databases.

Questions 21

Which of the following is the greatest security concern regarding ICS?

Options:

A.

The involved systems are generally hard to identify.

B.

The systems are configured for automatic updates, leading to device failure.

C.

The systems are oftentimes air gapped, leading to fileless malware attacks.

D.

Issues on the systems cannot be reversed without rebuilding the systems.

Questions 22

A security analyst reviews SIEM logs and discovers the following error event:

CS0-002 Question 22

Which of the following environments does the analyst need to examine to continue troubleshooting the event?

Options:

A.

Proxy server

B.

SQL server

C.

Windows domain controller

D.

WAF appliance

E.

DNS server

Questions 23

A security analyst is reviewing the following log entries to identify anomalous activity:

CS0-002 Question 23

Which of the following attack types is occurring?

Options:

A.

Directory traversal

B.

SQL injection

C.

Buffer overflow

D.

Cross-site scripting

Questions 24

During an incident investigation, a security analyst discovers the web server is generating an unusually high volume of logs. The analyst observes the following response codes:

• 20% of the logs are 403

• 20% of the logs are 404

• 50% of the logs are 200

• 10% of the logs are other codes

The server generates 2MB of logs on a daily basis, and the current day log is over 200MB. Which of the following commands should the analyst use to identify the source of the activity?

Options:

A.

cat access_log | grep " 403 "

B.

cat access_log | grep " 200 "

C.

cat access_log | grep " 100 "

D.

cat access_log | grep " 404 "

E.

cat access_log | grep " 204 "
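Whichever status code the analyst greps for first, the real goal is to attribute the spike to a client address. Added example, not from the page: a constructed access_log in Apache combined log format (every address is from a documentation range and invented for this example), a function that tallies requests per status so the 403/404/200 split can be confirmed, and a function that returns the busiest client for a given status. The status is matched in its own field rather than with a bare grep " 403 ", because a byte count of 403 on a 200 response also matches the bare pattern.

```shell
#!/bin/sh
# Added example (not from the page): attribute a log-volume spike to a client.
# Assumed Apache combined log format:
#   CLIENT - USER [TIMESTAMP] "METHOD PATH PROTO" STATUS BYTES "REFERER" "AGENT"
# so awk fields are $1=client, $9=status, $10=bytes.

# Constructed access_log (sample data invented for this example).
make_sample_access_log() {
  cat > "$1" <<'EOF'
203.0.113.50 - - [12/Mar/2017:21:01:12 +0000] "GET /admin/ HTTP/1.1" 403 287 "-" "curl/7.5"
203.0.113.50 - - [12/Mar/2017:21:01:12 +0000] "GET /backup/ HTTP/1.1" 403 287 "-" "curl/7.5"
203.0.113.50 - - [12/Mar/2017:21:01:13 +0000] "GET /old.zip HTTP/1.1" 404 196 "-" "curl/7.5"
203.0.113.50 - - [12/Mar/2017:21:01:13 +0000] "GET /config.php.bak HTTP/1.1" 404 196 "-" "curl/7.5"
203.0.113.50 - - [12/Mar/2017:21:01:14 +0000] "GET /index.html HTTP/1.1" 200 1622 "-" "curl/7.5"
203.0.113.50 - - [12/Mar/2017:21:01:14 +0000] "GET /login HTTP/1.1" 200 403 "-" "curl/7.5"
198.51.100.7 - - [12/Mar/2017:21:02:00 +0000] "GET /index.html HTTP/1.1" 200 1622 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2017:21:02:05 +0000] "GET /404-page HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2017:21:03:00 +0000] "GET /private/ HTTP/1.1" 403 287 "-" "Mozilla/5.0"
EOF
}

# Requests per status code, as "STATUS COUNT" lines sorted by status.
status_counts() {
  awk '{ c[$9]++ } END { for (s in c) print s, c[s] }' "$1" | sort
}

# Requests per client for one status, most active first, as "COUNT CLIENT".
clients_for_status() {
  awk -v code="$2" '$9 == code { print $1 }' "$1" | sort | uniq -c | sort -rn
}

# The single busiest client for a status, which is what the analyst wants first.
top_client_for_status() {
  clients_for_status "$1" "$2" | head -n 1 | awk '{ print $2 }'
}

# Usage: status_counts access_log
#        top_client_for_status access_log 403
```

On a 200MB log the same pipeline still runs in one pass per status; if the top client for 403 and 404 is the same address, that is the scanner, and the 200s from it tell you which paths it found.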

Questions 25

An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

Options:

A.

SCADA

B.

CAN bus

C.

Modbus

D.

IoT

Questions 26

A security analyst is reviewing a vulnerability scan report and notes the following finding:

CS0-002 Question 26

As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

Options:

A.

Patch or reimage the device to complete the recovery

B.

Restart the antivirus's running processes.

C.

Isolate the host from the network to prevent exposure

D.

Confirm the workstation's signatures against the most current signatures.

Questions 27

A company offers a hardware security appliance to customers that provides remote administration of a device on the customer's network. Customers are not authorized to alter the configuration. The company deployed a software process to manage unauthorized changes to the appliance, log them, and forward them to a central repository for evaluation. Which of the following processes is the company using to ensure the appliance is not altered from its original configured state?

Options:

A.

CI/CD

B.

Software assurance

C.

Anti-tamper

D.

Change management

Questions 28

An organization is adopting IoT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far, leaving hardware-related weaknesses open to compromise. Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?

Options:

A.

Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.

B.

Apply all firmware updates as soon as they are released to mitigate the risk of compromise.

C.

Determine an annual patch cadence to ensure all patching occurs at the same time.

D.

Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.

Questions 29

A company is building a new fabrication plant and designing its production lines based on the products it manufactures and the networks to support them. The security engineer has the following requirements:

• Each production line must be secured using a single posture.

• Each production line must only communicate with the other lines in a least privilege method.

• Access to each production line from the rest of the network must be strictly controlled.

To best provide the protection that meets these requirements, each product line should be:

Options:

A.

logically segmented and firewalled to control inbound and outbound connectivity.

B.

air gapped and firewalled to manage connectivity.

C.

air gapped but connected to one another by data diodes.

D.

logically segmented and then air gapped to specifically limit traffic.

Questions 30

The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or downloaded by employees. The CISO also wants to track the data assets by name, type, content, or data profile.

Which of the following BEST describes what the CISO wants to purchase?

Options:

A.

Asset tagging

B.

SIEM

C.

File integrity monitor

D.

DLP

Questions 31

The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:

CS0-002 Question 31

Which of the following should the organization consider investing in first due to the potential impact on availability?

Options:

A.

Hire a managed service provider to help with vulnerability management.

B.

Build a warm site in case of system outages.

C.

Invest in a failover and redundant system, as necessary.

D.

Hire additional staff for the IT department to assist with vulnerability management and log review.

Questions 32

To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

Options:

A.

SCAP

B.

SAST

C.

DAST

D.

DACS

Questions 33

A security analyst identified one server that was compromised and used as a data mining machine, and a copy of the hard drive was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?

Options:

A.

System timeline reconstruction

B.

System registry extraction

C.

Data carving

D.

Volatile memory analysis

Questions 34

A security analyst notices the following proxy log entries:

CS0-002 Question 34

Which of the following is the user attempting to do based on the log entries?

Options:

A.

Use a DoS attack on external hosts.

B.

Exfiltrate data.

C.

Scan the network.

D.

Relay email.

Questions 35

An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to attack the cloud-hosted hypervisor, and the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability?

Options:

A.

Sandbox the virtual machine.

B.

Implement an MFA solution.

C.

Update to the secure hypervisor version.

D.

Implement dedicated hardware for each customer.

Questions 36

A company's Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user's activity session. Which of the following is the best technique to address the CISO's concerns?

Options:

A.

Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.

B.

Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.

C.

Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.

D.

Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.

Questions 37

A user receives a potentially malicious attachment that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would most likely indicate if the email is malicious?

Options:

A.

sha256sum ~/Desktop/file.pdf

B.

/bin/ls -l ~/Desktop/file.pdf

C.

strings ~/Desktop/file.pdf | grep -i “

D.

cat < ~/Desktop/file.pdf | grep -i .exe
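A hash and a directory listing say nothing about what the document does; only a look at its content can. Added example, not from the page: a constructed PDF-like file carrying an OpenAction that runs embedded JavaScript (the markers are the real PDF keywords; the file itself is a minimal hand-written stand-in, not a genuine sample), a benign counterpart, and a triage function that lists which risky markers are present. grep -a is used instead of strings so that nothing inside a binary stream is skipped; the marker list is a starting point chosen for this example, not an exhaustive ruleset.

```shell
#!/bin/sh
# Added example (not from the page): static triage of a PDF attachment in a sandbox.

# PDF keywords that commonly carry active content or auto-execution. This list
# is an assumption for the example, not an exhaustive detection ruleset.
PDF_RISK_MARKERS='/JavaScript /JS /OpenAction /AA /Launch /EmbeddedFile /RichMedia /URI'

# Constructed stand-in for a malicious attachment: a minimal PDF skeleton with an
# OpenAction that runs embedded JavaScript (invented for this example).
make_sample_pdf() {
  cat > "$1" <<'EOF'
%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /JavaScript /JS (app.launchURL("http://example.invalid/login", true);) >> endobj
trailer << /Root 1 0 R >>
%%EOF
EOF
}

# Constructed benign document for comparison (invented for this example).
make_benign_pdf() {
  cat > "$1" <<'EOF'
%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
EOF
}

# Print each risky marker found in the file, one per line, with its hit count.
# grep -a treats the file as text so matches inside binary streams are kept;
# -F matches the marker literally; -o yields one line per occurrence.
pdf_risk_markers() {
  for m in $PDF_RISK_MARKERS; do
    n=$(grep -a -o -F -- "$m" "$1" | wc -l | tr -d ' ')
    [ "$n" -gt 0 ] && printf '%s %s\n' "$m" "$n"
  done
  return 0
}

# Returns 0 (true) when the file has an auto-run or script marker worth escalating.
pdf_is_suspicious() {
  pdf_risk_markers "$1" | grep -q -E '^/(JavaScript|JS|OpenAction|AA|Launch) '
}

# Usage: pdf_risk_markers ~/Desktop/file.pdf
#        pdf_is_suspicious ~/Desktop/file.pdf && echo "escalate"
```

Real malicious PDFs often hide these names behind compressed object streams or hex-escaped names such as /J#61vaScript, so a clean result from this pass is not a clean bill of health; it is the quick check that decides whether the file goes to a proper PDF parser next.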

Questions 38

An organization wants to implement a privileged access management solution to better manage the use of emergency and privileged service accounts. Which of the following would BEST satisfy the organization's goal?

Options:

A.

Access control lists

B.

Discretionary access controls

C.

Policy-based access controls

D.

Credential vaulting

Questions 39

A customer notifies a security analyst that a web application is vulnerable to information disclosure. The analyst needs to indicate the severity of the vulnerability based on its CVSS score, which the analyst needs to calculate. When analyzing the vulnerability, the analyst realizes that for the attack to be successful, the Tomcat configuration file must be modified. Which of the following values should the security analyst choose when evaluating the CVSS score?

Options:

A.

Network

B.

Physical

C.

Adjacent

D.

Local

Questions 40

A current, validated DLP solution is now in place because of a previous data breach. However, a new data breach has taken place. The following symptoms were observed shortly after a recent sales meeting:

* Sensitive corporate documents appeared on the dark web.

* Unusually large packets of data were being sent out.

Which of the following is most likely occurring?

Options:

A.

Documents are not tagged properly to restrict sharing.

B.

An insider threat is exfiltrating data.

C.

The DLP solution is not configured for unsecured web traffic.

D.

File audits are not enabled on CASB.

Questions 41

A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?

Options:

A.

Implement a UTM instead of a stateful firewall and enable gateway antivirus.

B.

Back up the workstations to facilitate recovery and create a gold image.

C.

Establish a ransomware awareness program and implement secure and verifiable backups.

D.

Virtualize all the endpoints with daily snapshots of the virtual machines.

Questions 42

An analyst is coordinating with the management team and collecting several terabytes of data to analyze using advanced mathematical techniques in order to find patterns and correlations in events and activities. Which of the following describes what the analyst is doing?

Options:

A.

Data visualization

B.

SOAR

C.

Machine learning

D.

SCAP

Questions 43

A new prototype for a company's flagship product was leaked on the internet. As a result, the management team has locked out all USB drives. Optical drive writers are not present on company computers. The sales team has been granted an exception to share sales presentation files with third parties. Which of the following would allow the IT team to determine which devices are USB enabled?

Options:

A.

Asset tagging

B.

Device encryption

C.

Data loss prevention

D.

SIEM logs

Questions 44

A user reports a malware alert to the help desk. A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which of the following should the security analyst do next?

Options:

A.

Document the procedures and walk through the incident training guide.

B.

Reverse engineer the malware to determine its purpose and risk to the organization.

C.

Sanitize the workstation and verify countermeasures are restored.

D.

Isolate the workstation and issue a new computer to the user.

Questions 45

Which of the following ICS network protocols has no inherent security functions on TCP port 502?

Options:

A.

CIP

B.

DHCP

C.

SSH

D.

Modbus

Questions 46

An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?

Options:

A.

Require all remote employees to sign an NDA

B.

Enforce geofencing to limit data accessibility

C.

Require users to change their passwords more frequently

D.

Update the AUP to restrict data sharing

Questions 47

During a risk assessment, a senior manager inquires about what the cost would be if a unique occurrence would impact the availability of a critical service. The service generates $1,000 in revenue for the organization. The impact of the attack would affect 20% of the server's capacity to perform jobs. The organization expects that five out of twenty attacks would succeed during the year. Which of the following is the calculated single loss expectancy?

Options:

A.

$200

B.

$800

C.

$5,000

D.

$20,000

Questions 48

When investigating a compromised system, a security analyst finds the following script in the /tmp directory:

CS0-002 Question 48

Which of the following attacks is this script attempting, and how can it be mitigated?

Options:

A.

This is a password-hijacking attack, and it can be mitigated by using strong encryption protocols.

B.

This is a password-spraying attack, and it can be mitigated by using multifactor authentication.

C.

This is a password-dictionary attack, and it can be mitigated by forcing password changes every 30 days.

D.

This is a credential-stuffing attack, and it can be mitigated by using multistep authentication.

Questions 49

A company frequently experiences issues with credential stuffing attacks. Which of the following is the BEST control to help prevent these attacks from being successful?

Options:

A.

SIEM

B.

IDS

C.

MFA

D.

TLS

Questions 50

Some hard disks need to be taken as evidence for further analysis during an incident response. Which of the following procedures must be completed FIRST for this type of evidence acquisition?

Options:

A.

Extract the hard drives from the compromised machines and then plug them into a forensics machine to apply encryption over the stored data to protect it from nonauthorized access.

B.

Build the chain-of-custody document, noting the media model, serial number, size, vendor, date, and time of acquisition.

C.

Perform a disk sanitization using the command #dd if=/dev/zero of=/dev/sdc bs=1M over the media that will receive a copy of the collected data.

D.

Execute the command #dd if=/dev/sda of=/dev/sdc bs=512 to clone the evidence data to external media to prevent any further change.
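The ordering question above turns on one practical rule: the record of what is being seized, and the hash that later proves nothing changed, both exist before the first byte is copied. Added example, not from the page: an acquisition script in that order, using an ordinary file as a stand-in for the evidence device (the /dev/sda and /dev/sdc names in the options are real block devices and must never be the target of a test script). The chain-of-custody fields are the ones listed in option B; the hash helper, file names and dd block size are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the page): acquire a disk image in a defensible order.
# The "media" argument is a stand-in file for the evidence device (assumption for
# the example); on a real case it is a read-only attached /dev/sdX.

# SHA-256 of a file, portable across GNU (sha256sum) and BSD (shasum) userlands.
hash256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# Step 1: chain-of-custody record, written BEFORE the media is imaged.
# Model, serial and vendor come from the drive label (or lsblk/smartctl on a
# real device); here they are passed in as arguments. The source hash is taken
# now so the image can be checked against it later.
write_custody_record() {
  rec="$1"; media="$2"; model="$3"; serial="$4"; vendor="$5"
  size=$(wc -c < "$media" | tr -d ' ')
  printf 'acquired_at=%s\nmedia=%s\nmodel=%s\nserial=%s\nvendor=%s\nsize_bytes=%s\nsha256_source=%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$media" "$model" "$serial" "$vendor" "$size" "$(hash256 "$media")" \
    > "$rec"
}

# Step 2: bit-for-bit copy. conv=noerror keeps going past unreadable sectors
# instead of aborting, and conv=sync pads each short read to bs so offsets in
# the image still line up with the source. A sector-sized bs (512 here, as in
# option D) means a whole disk is copied without trailing padding.
acquire_image() {
  dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# Step 3: verify the image against the hash stored in the custody record.
# Returns 0 when the image is an exact copy, 1 otherwise.
verify_image() {
  recorded=$(sed -n 's/^sha256_source=//p' "$1")
  [ -n "$recorded" ] && [ "$recorded" = "$(hash256 "$2")" ]
}

# Usage (device names are illustrative):
#   write_custody_record custody.txt /dev/sdb "WD10EZEX" "WD-WCC6Y1234567" "Western Digital"
#   acquire_image /dev/sdb evidence.img && verify_image custody.txt evidence.img
```

Option C's zero-fill of the destination media is a reasonable precaution against leftover data on the target, but it comes after the custody record and before the copy; option A's encrypt-then-copy changes the bytes and so destroys the very property verify_image checks.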

Questions 51

During a review of the vulnerability scan results on a server, an information security analyst notices the following:

CS0-002 Question 51

The MOST appropriate action for the analyst to recommend to developers is to change the web server so:

Options:

A.

It only accepts TLSv1.2

B.

It only accepts cipher suites using AES and SHA

C.

It no longer accepts the vulnerable cipher suites

D.

SSL/TLS is offloaded to a WAF and load balancer

Questions 52

A company creates digitally signed packages for its devices. Which of the following best describes the method by which the security packages are delivered to the company's customers?

Options:

A.

Antitamper mechanism

B.

SELinux

C.

Trusted firmware updates

D.

eFuse

Questions 53

A company notices unknown devices connecting to the internal network and would like to implement a solution to block all non-corporate managed machines. Which of the following solutions would be best to accomplish this goal?

Options:

A.

WPA2 for Wi-Fi networks

B.

NAC with 802.1X implementation

C.

Extensible Authentication Protocol

D.

RADIUS with challenge/response

Questions 54

Which of the following describes the main difference between supervised and unsupervised machine-learning algorithms that are used in cybersecurity applications?

Options:

A.

Supervised algorithms can be used to block attacks, while unsupervised algorithms cannot.

B.

Supervised algorithms require security analyst feedback, while unsupervised algorithms do not.

C.

Unsupervised algorithms are not suitable for IDS systems, while supervised algorithms are.

D.

Unsupervised algorithms produce more false positives than supervised algorithms.

Questions 55

A company wants to ensure confidential data from its storage media files is sanitized so the drives cannot be reused. Which of the following is the BEST approach?

Options:

A.

Degaussing

B.

Shredding

C.

Formatting

D.

Encrypting

Questions 56

A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?

Options:

A.

Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.

B.

Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.

C.

Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system and is scheduled during off-business hours so it has the least impact on operations.

D.

Make sure the scan is credentialed, uses a limited plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.

Questions 57

A security analyst discovers the company's website is vulnerable to cross-site scripting. Which of the following solutions will best remedy the vulnerability?

Options:

A.

Prepared statements

B.

Server-side input validation

C.

Client-side input encoding

D.

Disabled JavaScript filtering

Questions 58

During an investigation, an analyst discovers the following rule in an executive's email client:

CS0-002 Question 58

The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?

Options:

A.

Check the server logs to evaluate which emails were sent to .

B.

Use the SIEM to correlate logging events from the email server and the domain server.

C.

Remove the rule from the email client and change the password.

D.

Recommend that the management team implement SPF and DKIM.

Questions 59

A security analyst is reviewing the following server statistics:

CS0-002 Question 59

Which of the following is MOST likely occurring?

Options:

A.

Race condition

B.

Privilege escalation

C.

Resource exhaustion

D.

VM escape

Questions 60

A company's threat team has been reviewing recent security incidents and looking for a common theme. The team discovered the incidents were caused by incorrect configurations on the impacted systems. The issues were reported to support teams, but no action was taken. Which of the following is the next step the company should take to ensure any future issues are remediated?

Options:

A.

Require support teams to develop a corrective control that ensures security failures are addressed once they are identified.

B.

Require support teams to develop a preventive control that ensures new systems are built with the required security configurations.

C.

Require support teams to develop a detective control that ensures they continuously assess systems for configuration errors.

D.

Require support teams to develop a managerial control that ensures systems have a documented configuration baseline.

Questions 61

Which of the following is an advantage of SOAR over SIEM?

Options:

A.

SOAR is much less expensive.

B.

SOAR reduces the amount of human intervention required.

C.

SOAR can aggregate data from many sources.

D.

SOAR uses more robust encryption protocols.

Questions 62

An analyst determines a security incident has occurred. Which of the following is the most appropriate NEXT step in an incident response plan?

Options:

A.

Consult the malware analysis process

B.

Consult the disaster recovery plan

C.

Consult the data classification process

D.

Consult the communications plan

Questions 63

A company wants to ensure a third party does not take intellectual property and build a competing product. Which of the following is a non-technical data and privacy control that would best protect the company?

Options:

A.

Data encryption

B.

A non-disclosure agreement

C.

Purpose limitation

D.

Digital rights management

Questions 64

While conducting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

CS0-002 Question 64

Based on the Prowler report, which of the following is the BEST recommendation?

Options:

A.

Delete CloudDev access key 1.

B.

Delete BusinessUsr access key 1.

C.

Delete access key 1.

D.

Delete access key 2.

Questions 65

An analyst reviews a legacy Windows XP system and concludes an attacker executed code that modified the contents of the system's memory. Which of the following attack techniques did the attacker use?

Options:

A.

Rootkit

B.

Backdoor

C.

Privilege escalation

D.

Buffer overflow

Questions 66

A security analyst scans the company's external IP range and receives the following results from one of the hosts:

CS0-002 Question 66

Which of the following best represents the security concern?

Options:

A.

A remote communications port is exposed.

B.

The FTP port should be using TCP only.

C.

Microsoft RDP is accepting connections on TCP.

D.

The company's DNS server is exposed to everyone.

Questions 67

Which of the following attack techniques has the GREATEST likelihood of quick success against Modbus assets?

Options:

A.

Remote code execution

B.

Buffer overflow

C.

Unauthenticated commands

D.

Certificate spoofing

Questions 68

An employee observes degraded system performance on a Windows workstation. While attempting to access documents, the employee notices the file icons appear abnormal and the file extensions have been changed. The employee instantly shuts down the machine and alerts a supervisor.

Which of the following forensic evidence will be lost as a result of these actions?

Options:

A.

All user actions prior to shutting down the machine

B.

All information stored in the machine's local database

C.

All cached items that are queued to be written to the registry

D.

Volatile artifacts in the system's memory

Questions 69

A company is required to monitor for unauthorized changes to baselines on all assets to comply with industry regulations. Two of the remote units did not recover after scans were performed on the assets. An analyst needs to recommend a solution to prevent recurrence. Which of the following is the best way to satisfy the regulatory requirement without impacting the availability to similar assets and creating an unsustainable process?

Options:

A.

Manually review the baselines daily and document the results in a change history log

B.

Document exceptions with compensating controls to demonstrate the risk mitigation efforts.

C.

Implement a new scanning technology to satisfy the monitoring requirement and train the team.

D.

Purchase new remote units from other vendors with a proven ability to support scanning requirements.

Questions 70

An information security analyst is compiling data from a recent penetration test and reviews the following output:

CS0-002 Question 70

The analyst wants to obtain more information about the web-based services that are running on the target. Which of the following commands would most likely provide the needed information?

Options:

A.

ping -t 10.79.95.173,rdns.datacenter.com

B.

telnet 10.79.95.17.17 443

C.

ftpd 10.79.95.173.rdns.datacenters.com 443

D.

tracert 10.79.95.173

Questions 71

An organization completed an internal assessment of its policies and procedures. The audit team identified a deficiency in the policies and procedures for PII. Which of the following should be the first step to secure the organization's PII?

Options:

A.

Complete PII training within the organization.

B.

Contact all PII data owners within the organization.

C.

Identify what type of PII is on the network.

D.

Formalize current PII documentation.

Questions 72

During an incident response procedure, a security analyst extracted a binary file from the disk of a compromised server. Which of the following is the best approach for analyzing the file without executing it?

Options:

A.

Memory analysis

B.

Hash signature check

C.

Reverse engineering

D.

Dynamic analysis

Questions 73

An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:

CS0-002 Question 73

Which of the following ports should be closed?

Options:

A.

22

B.

80

C.

443

D.

1433

Questions 74

An organization has the following policy statements:

• All emails entering or leaving the organization will be subject to inspection for malware, policy violations, and unauthorized content.

• All network activity will be logged and monitored.

• Confidential data will be tagged and tracked.

• Confidential data must never be transmitted in an unencrypted form.

• Confidential data must never be stored on an unencrypted mobile device.

Which of the following is the organization enforcing?

Options:

A.

Acceptable use policy

B.

Data privacy policy

C.

Encryption policy

D.

Data management policy

Questions 75

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when using a PaaS solution?

Options:

A.

The use of infrastructure-as-code capabilities leads to an increased attack surface.

B.

Patching the underlying application server becomes the responsibility of the client.

C.

The application is unable to use encryption at the database level.

D.

Insecure application programming interfaces can lead to data compromise.

Questions 76

A security analyst needs to provide a copy of a hard drive for forensic analysis. Which of the following would allow the analyst to perform the task?

A)

CS0-002 Question 76

B)

CS0-002 Question 76

C)

CS0-002 Question 76

D)

CS0-002 Question 76

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions 77

During a routine security review, anomalous traffic from 9.9.9.9 was observed accessing a web server in the corporate perimeter network. The server is mission critical and must remain accessible around the world to serve web content. The Chief Information Security Officer has directed that improper traffic must be restricted. The following output is from the web server:

CS0-002 Question 77

Which of the following is the best method to accomplish this task?

Options:

A.

Adjusting the IDS to block anomalous activity

B.

Implementing port security

C.

Adding 9.9.9.9 to the blocklist

D.

Adjusting the firewall

Questions 78

An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts. A security analyst has created a script to snapshot the system configuration each day. Following is one of the scripts:

CS0-002 Question 78

This script has been running successfully every day. Which of the following commands would provide the analyst with additional useful information relevant to the above script?

A)

CS0-002 Question 78

B)

CS0-002 Question 78

C)

CS0-002 Question 78

D)

CS0-002 Question 78

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions 79

An incident response plan requires systems that contain critical data to be triaged first in the event of a compromise. Which of the following types of data would most likely be classified as critical?

Options:

A.

Encrypted data

B.

data

C.

Masked data

D.

Marketing data

Questions 80

After running the cat file01.bin | hexdump -c command, a security analyst reviews the following output snippet:

00000000 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 |......JFIF......|

Which of the following digital-forensics techniques is the analyst using?

Options:

A.

Reviewing the file hash

B.

Debugging the binary file

C.

Implementing file carving

D.

Verifying the file type

E.

Utilizing reverse engineering

Questions 81

During a review of SIEM alerts, a security analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring tool about files from a newly deployed application that should not change. Which of the following steps should the analyst complete FIRST to respond to the issue?

Options:

A.

Warn the incident response team that the server can be compromised

B.

Open a ticket informing the development team about the alerts

C.

Check if temporary files are being monitored

D.

Dismiss the alert, as the new application is still being adapted to the environment

Questions 82

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).

Options:

A.

Resetting the phone to factory settings

B.

Rebooting the phone and installing the latest security updates

C.

Documenting the respective chain of custody

D.

Uninstalling any potentially unwanted programs

E.

Performing a memory dump of the mobile device for analysis

F.

Unlocking the device by browsing the eFuse

Questions 83

A company needs to expand its development group due to an influx of new feature requirements from its customers. To do so quickly, the company is using junior-level developers to fill in as needed. The company has found a number of vulnerabilities that have a direct correlation to the code contributed by the junior-level developers. Which of the following controls would best help to reduce the number of software vulnerabilities introduced by this situation?

Options:

A.

Requiring senior-level developers to review code written by junior-level developers

B.

Hiring senior-level developers only

C.

Allowing only senior-level developers to write code for new features

D.

Using authorized source code repositories only

Questions 84

A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal. Which of the following is the BEST manner in which to dispose of the hardware appliance?

Options:

A.

Ensure the hardware appliance has the ability to encrypt the data before disposing of it.

B.

Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies.

C.

Return the hardware appliance to the vendor, as the vendor is responsible for disposal.

D.

Establish guidelines for the handling of sensitive information.

Questions 85

A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?

Options:

A.

Insert the hard drive on a test computer and boot the computer.

B.

Record the serial numbers of both hard drives.

C.

Compare the file-directory listing of both hard drives.

D.

Run a hash against the source and the destination.

Questions 86

A security analyst is investigating a data leak on a corporate website. The attacker was able to dump data by sending a crafted HTTP request with the following payload:

CS0-002 Question 86

Which of the following systems would most likely have logs with details regarding the threat actor's requests?

Options:

A.

Cloud WAF

B.

Internal proxy

C.

TAXII server

D.

Hardware security module

Questions 87

A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow:

CS0-002 Question 87

Which of the following controls must be in place to prevent this vulnerability?

Options:

A.

Convert all integer numbers in strings to handle the memory buffer correctly.

B.

Implement float numbers instead of integers to prevent integer overflows.

C.

Use built-in functions from libraries to check and handle long numbers properly.

D.

Sanitize user inputs, avoiding small numbers that cannot be handled in the memory.

Questions 88

The management team has asked a senior security engineer to explore DLP security solutions for the company's growing use of cloud-based storage. Which of the following is an appropriate solution to control the sensitive data that is being stored in the cloud?

Options:

A.

NAC

B.

IPS

C.

CASB

D.

WAF

Questions 89

An internally developed file-monitoring system identified the following excerpt as causing a program to crash often:

CS0-002 Question 89

Which of the following should a security analyst recommend to fix the issue?

Options:

A.

Open the access.log file in read/write mode.

B.

Replace the strcpy function.

C.

Perform input sanitization.

D.

Increase the size of the file data buffer.

Questions 90

A security analyst is reviewing vulnerability scans from an organization's internet-facing web services. The following is from an output file called ssl-test_webapps.comptia.org:

CS0-002 Question 90

CS0-002 Question 90

Which of the following lines from this output most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key?

Options:

A.

TLS_RSA_WITH_DES_CBC_SHA 56

B.

TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)

C.

TLS_RSA_WITH_AES_256_CBC_SHA 256

D.

TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)

Questions 91

A cybersecurity analyst is researching operational data to develop a script that will detect the presence of a threat on corporate assets. Which of the following contains the most useful information to produce this script?

Options:

A.

API documentation

B.

Protocol analysis captures

C.

MITRE ATT&CK reports

D.

OpenIoC files

Questions 92

Which of the following is the primary reason financial institutions may share up-to-date threat intelligence information on a secure feed that is dedicated to their sector?

Options:

A.

To augment information about common malicious actors and indicators of compromise

B.

To prevent malicious actors from knowing they can defend against malicious attacks

C.

To keep other industries from accessing information meant for financial institutions

D.

To focus on attacks specifically targeted at their customers’ mobile applications

Questions 93

Members of the sales team are using email to send sensitive client lists with contact information to their personal accounts. The company's AUP and code of conduct prohibit this practice. Which of the following configuration changes would improve security and help prevent this from occurring?

Options:

A.

Configure the DLP transport rules to provide deep content analysis.

B.

Put employees' personal email accounts on the mail server on a blocklist.

C.

Set up IPS to scan for outbound emails containing names and contact information.

D.

Use Group Policy to prevent users from copying and pasting information into emails.

E.

Move outbound emails containing names and contact information to a sandbox for further examination.

Questions 94

A cybersecurity analyst inspects DNS logs on a regular basis to identify possible IOCs that are not triggered by known signatures. The analyst reviews the following log snippet:

CS0-002 Question 94

Which of the following should the analyst do next based on the information reviewed?

Options:

A.

The analyst should disable DNS recursion.

B.

The analyst should block requests to no-thanks.invalid.

C.

The analyst should disconnect host 192.168.1.67.

D.

The analyst should sinkhole 102.100.20.20.

E.

The analyst should disallow queries to the 8.8.8.8 resolver.

Questions 95

An organization is performing a risk assessment to prioritize resources for mitigation and remediation based on impact. Which of the following metrics, in addition to the CVSS for each CVE, would best enable the organization to prioritize its efforts?

Options:

A.

OS type

B.

OS or application versions

C.

Patch availability

D.

System architecture

E.

Mission criticality

Questions 96

During a forensic investigation, a security analyst reviews some Session Initiation Protocol packets that came from a suspicious IP address. Law enforcement requires access to a VoIP call that originated from the suspicious IP address. Which of the following should the analyst use to accomplish this task?

Options:

A.

Wireshark

B.

iptables

C.

Tcpdump

D.

Netflow

Questions 97

Which of the following BEST explains the function of a managerial control?

Options:

A.

To help design and implement the security planning, program development, and maintenance of the security life cycle

B.

To guide the development of training, education, security awareness programs, and system maintenance

C.

To create data classification, risk assessments, security control reviews, and contingency planning

D.

To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

Questions 98

A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:

CS0-002 Question 98

CS0-002 Question 98

Which of the following technologies would MOST likely be used to prevent this phishing attempt?

Options:

A.

DNSSEC

B.

DMARC

C.

STP

D.

S/IMAP

Questions 99

A threat feed disclosed a list of files to be used as an IoC for a zero-day vulnerability. A cybersecurity analyst decided to include a custom lookup for these files on the endpoint's log-in script as a mechanism to:

Options:

A.

automate malware signature creation.

B.

close the threat intelligence cycle loop.

C.

generate a STIX object for the TAXII server.

D.

improve existing detection capabilities.

Questions 100

An analyst is reviewing registry keys for signs of possible compromise. The analyst observes the following entries:

CS0-002 Question 100

Which of the following entries should the analyst investigate first?

Options:

A.

IAStorIcon

B.

Quickset

C.

SecurityHeaIth

D.

calc

E.

Word

Questions 101

A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

Instructions:

Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

The Linux Web Server, File-Print Server and Directory Server are draggable.

If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

CS0-002 Question 101

CS0-002 Question 101

Options:

Questions 102

A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to go offline. Which of the following solutions would work BEST to prevent this from happening again?

Options:

A.

Change management

B.

Application whitelisting

C.

Asset management

D.

Privilege management

Questions 103

A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material. Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?

Options:

A.

Add client addresses to the blocklist.

B.

Update the DLP rules and metadata.

C.

Sanitize the marketing material.

D.

Update the insider threat procedures.

Questions 104

A security analyst is running a tool against an executable of an unknown source. The input supplied by the tool to the executable program and the output from the executable are shown below:

CS0-002 Question 104

Which of the following should the analyst report after viewing this information?

Options:

A.

A dynamic library that is needed by the executable is missing

B.

Input can be crafted to trigger an injection attack in the executable

C.

The tool caused a buffer overflow in the executable's memory

D.

The executable attempted to execute a malicious command

Questions 105

A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes?

Options:

A.

Internal management review

B.

Control assessment

C.

Tabletop exercise

D.

Peer review

Questions 106

While observing several host machines, a security analyst notices a program is overwriting data to a buffer. Which of the following controls will best mitigate this issue?

Options:

A.

Data execution prevention

B.

Output encoding

C.

Prepared statements

D.

Parameterized queries

Questions 107

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

Options:

A.

Security regression testing

B.

Code review

C.

User acceptance testing

D.

Stress testing

Questions 108

After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?

Options:

A.

Make a backup of the server and update the JBoss server that is running on it.

B.

Contact the vendor for the legacy application and request an updated version.

C.

Create a proper DMZ for outdated components and segregate the JBoss server.

D.

Apply virtualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.

Questions 109

Company A is in the process of merging with Company B. As part of the merger, connectivity between the ERP systems must be established so pertinent financial information can be shared between the two entities. Which of the following will establish a more automated approach to secure data transfers between the two entities?

Options:

A.

Set up an FTP server that both companies can access and export the required financial data to a folder.

B.

Set up a VPN between Company A and Company B, granting access only to the ERPs within the connection.

C.

Set up a PKI between Company A and Company B and intermediate shared certificates between the two entities.

D.

Create static NATs on each entity's firewalls that map to the ERP systems and use native ERP authentication to allow access.

Questions 110

CS0-002 Question 110

Which of the following lines from this output most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key?

Options:

A.

TLS_RSA_WITH_DES_CBC_SHA 56

B.

TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)

C.

TLS_RSA_WITH_AES_256_CBC_SHA 256

D.

TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)

Questions 111

The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT department?

Options:

A.

Require the guest machines to install the corporate-owned EDR solution.

B.

Configure NAC to only allow machines on the network that are patched and have active antivirus.

C.

Place a firewall in between the corporate network and the guest network.

D.

Configure the IPS with rules that will detect common malware signatures traveling from the guest network.

Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Mar 22, 2024
Questions: 372
