Summer Sale - Special Discounts Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 63r59951

CS0-002 CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Questions 4

The developers recently deployed new code to three web servers. A daffy automated external device scan report shows server vulnerabilities that are failure items according to PCI DSS.

If the venerability is not valid, the analyst must take the proper steps to get the scan clean.

If the venerability is valid, the analyst must remediate the finding.

After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options.

INTRUCTIONS:

The simulation includes 2 steps.

Step1:Review the information provided in the network diagram and then move to the STEP 2 tab.

CS0-002 Question 4

CS0-002 Question 4

STEP 2: Given the Scenario, determine which remediation action is required to address the vulnerability.

CS0-002 Question 4

Options:

Buy Now
Questions 5

During a review of SIEM alerts, a securrty analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring toot about files from a newly deployed application that should not change. Which of the following steps should the analyst complete FIRST to respond to the issue7

Options:

A.

Warn the incident response team that the server can be compromised

B.

Open a ticket informing the development team about the alerts

C.

Check if temporary files are being monitored

D.

Dismiss the alert, as the new application is still being adapted to the environment

Buy Now
Questions 6

Which of the following is the most effective approach to minimize the occurrence of vulnerabilities introduced by unintentional misconfigurations in the cloud?

Options:

A.

Requiring security training certification before granting access to staff

B.

Migrating all resources to a private cloud deployment

C.

Restricting changes to the deployment of validated laC templates

D.

Reducing laaS deployments by fostering serverless architectures

Buy Now
Questions 7

An organizational policy requires one person to input accounts payable and another to do accounts receivable. A separate control requires one person to write a check and another person to sign all checks greater than $5,000 and to get an additional signature for checks greater than $10,000. Which of the following controls has the organization implemented?

Options:

A.

Segregation of duties

B.

Job rotation

C.

Non-repudiaton

D.

Dual control

Buy Now
Questions 8

To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

Options:

A.

SCAP

B.

SAST

C.

DAST

D.

DACS

Buy Now
Questions 9

During an incident response procedure, a security analyst extracted a binary file from the disk of a compromised server. Which of the following is the best approach for analyzing the file without executing it?

Options:

A.

Memory analysis

B.

Hash signature check

C.

Reverse engineering

D.

Dynamic analysis

Buy Now
Questions 10

Which of the following BEST explains the function of a managerial control?

Options:

A.

To help design and implement the security planning, program development, and maintenance of the security life cycle

B.

To guide the development of training, education, security awareness programs, and system maintenance

C.

To create data classification, risk assessments, security control reviews, and contingency planning

D.

To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

Buy Now
Questions 11

An organization recently discovered that spreadsheet files containing sensitive financial data were improperly stored on a web server. The management team wants to find out if any of these files were downloaded by pubic users accessing the server. The results should be written to a text file and should induce the date. time, and IP address associated with any spreadsheet downloads. The web server's log file Is named webserver log, and the report We name should be accessreport.txt. Following is a sample of the web servefs.log file:

2017-0-12 21:01:12 GET /index.htlm - @4..102.33.7 - return=200 1622

Which of the following commands should be run if an analyst only wants to include entries in which spreadsheet was successfully downloaded?

Options:

A.

more webserver.log | grep * xIs > accessreport.txt

B.

more webserver.log > grep ''xIs > egrep -E 'success' > accessreport.txt

C.

more webserver.log | grep ' -E ''return=200 | accessreport.txt

D.

more webserver.log | grep -A *.xIs < accessreport.txt

Buy Now
Questions 12

During the onboarding process for a new vendor, a security analyst obtains a copy of the vendor's latest penetration test summary:

CS0-002 Question 12

Performed by: Vendor Red Team Last performed: 14 days ago

Which of the following recommendations should the analyst make first?

Options:

A.

Perform a more recent penetration test.

B.

Continue vendor onboarding.

C.

Disclose details regarding the findings.

D.

Have a neutral third party perform a penetration test.

Buy Now
Questions 13

Given the Nmap request below:

CS0-002 Question 13

Which of the following actions will an attacker be able to initiate directly against this host?

Options:

A.

Password sniffing

B.

ARP spoofing

C.

A brute-force attack

D.

An SQL injection

Buy Now
Questions 14

A security analyst needs to provide a copy of a hard drive for forensic analysis. Which of the following would allow the analyst to perform the task?

A)

CS0-002 Question 14

B)

CS0-002 Question 14

C)

CS0-002 Question 14

D)

CS0-002 Question 14

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 15

An IT security analyst has received an email alert regarding vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

Options:

A.

SCADA

B.

CAN bus

C.

Modbus

D.

loT

Buy Now
Questions 16

A company notices unknown devices connecting to the internal network and would like to implement a solution to block all non-corporate managed machines. Which of the following solutions would be best to accomplish this goal?

Options:

A.

WPA2 for W1F1 networks

B.

NAC with 802.1X implementation

C.

Extensible Authentication Protocol

D.

RADIUS with challenge/response

Buy Now
Questions 17

A security analyst performed a targeted system vulnerability scan to obtain critical information. After the output result, the analyst used the OVAL XML language to review and calculate the discovered risk. Which of the following types of scans did the security analyst perform?

Options:

A.

Active

B.

Network map

C.

Passive

D.

External

Buy Now
Questions 18

A company's domain has been spooled in numerous phishing campaigns. An analyst needs to determine the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC upon review of the record, the analyst finds the following:

CS0-002 Question 18

Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?

Options:

A.

The DMARC record's DKIM alignment tag Is incorrectly configured.

B.

The DMARC record's policy tag is incorrectly configured.

C.

The DMARC record does not have an SPF alignment tag.

D.

The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.

Buy Now
Questions 19

Due to continued support of legacy applications, an organization's enterprise password complexity rules are inadequate for its required security posture. Which of the following is the BEST compensating control to help reduce authentication compromises?

Options:

A.

Smart cards

B.

Multifactor authentication

C.

Biometrics

D.

Increased password-rotation frequency

Buy Now
Questions 20

Some hard disks need to be taken as evidence for further analysis during an incident response. Which of the following procedures must be completed FIRST for this type of evidence acquisition?

Options:

A.

Extract the hard drives from the compromised machines and then plug them into a forensics machine to apply encryption over the stored data to protect it from nonauthorized access.

B.

Build the chain-of-custody document, noting the media model, serial number, size, vendor, date, and time of acquisition.

C.

Perform a disk sanitization using the command #dd if=/dev/zero of=/dev/sdc bs=1M over the media that will receive a copy of the collected data.

D.

Execute the command #dd if-/dev/sda of=/dev/sdc bs=512 to clone the evidence data to external media to prevent any further change.

Buy Now
Questions 21

An organization is required to be able to consume multiple threat feeds simultaneously and to provide actionable intelligence to various teams. The organization would also like to be able to leverage the intelligence to enrich security event data. Which of the following functions would most likely help the security analyst meet the organization's requirements?

Options:

A.

Vulnerability management

B.

Risk management

C.

Detection and monitoring

D.

Incident response

Buy Now
Questions 22

When investigating a compromised system, a security analyst finds the following script in the /tmp directory:

CS0-002 Question 22

Which of the following attacks is this script attempting, and how can it be mitigated?

Options:

A.

This is a password-hijacking attack, and it can be mitigated by using strong encryption protocols.

B.

This is a password-spraying attack, and it can be mitigated by using multifactor authentication.

C.

This is a password-dictionary attack, and it can be mitigated by forcing password changes every 30 days.

D.

This is a credential-stuffing attack, and it can be mitigated by using multistep authentication.

Buy Now
Questions 23

An employee contacts the SOC to report a high-severity bug that was identified in a new, internally developed web application, which went live in production last week. The SOC staff did not receive contact details or escalation procedures to follow. Which of the following stages of the SDLC

process was overlooked?

Options:

A.

Input validation

B.

Planning

C.

Implementation and integration

D.

Operations and maintenance

Buy Now
Questions 24

An organization is adopting loT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far. leaving hardware-related weaknesses open to compromise. Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?

Options:

A.

Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.

B.

Apply all firmware updates as soon as they are released to mitigate the risk of compromise.

C.

Determine an annual patch cadence to ensure all patching occurs at the same time.

D.

Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.

Buy Now
Questions 25

A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow;

CS0-002 Question 25

Which of the following controls must be in place to prevent this vulnerability?

Options:

A.

Convert all integer numbers in strings to handle the memory buffer correctly.

B.

Implement float numbers instead of integers to prevent integer overflows.

C.

Use built-in functions from libraries to check and handle long numbers properly.

D.

Sanitize user inputs, avoiding small numbers that cannot be handled in the memory.

Buy Now
Questions 26

Which of the following is a reason to use a nsk-based cybersecunty framework?

Options:

A.

A risk-based approach always requires quantifying each cyber nsk faced by an organization

B.

A risk-based approach better allocates an organization's resources against cyberthreats and vulnerabilities

C.

A risk-based approach is driven by regulatory compliance and es required for most organizations

D.

A risk-based approach prioritizes vulnerability remediation by threat hunting and other qualitative-based processes

Buy Now
Questions 27

An organization has a strict policy that if elevated permissions are needed, users should always run commands under their own account, with temporary administrator privileges if necessary. A security analyst is reviewing syslog entries and sees the following:

CS0-002 Question 27

Which of the following entries should cause the analyst the MOST concern?

Options:

A.

<100>2 2020-01-10T19:33:41.002z webserver su 201 32001 = BOM ' su vi httpd.conf' failed for joe

B.

<100>2 2020-01-10T20:36:36.0010z financeserver su 201 32001 = BOM ' sudo vi users.txt success

C.

<100> 2020-01-10T19:33:48.002z webserver sudo 201 32001 = BOM ' su vi syslog.conf failed for jos

D.

<100> 2020-01-10T19:34..002z financeserver su 201 32001 = BOM ' su vi success

E.

<100> 2020-01-10T19:33:48.002z webserver sudo 201 32001 = BOM ' su vi httpd.conf' success

Buy Now
Questions 28

An email analysis system notifies a security analyst that the following message was quarantined and requires further review.

CS0-002 Question 28

Which of the following actions should the security analyst take?

Options:

A.

Release the email for delivery due to its importance.

B.

Immediately contact a purchasing agent to expedite.

C.

Delete the email and block the sender.

D.

Purchase the gift cards and submit an expense report.

Buy Now
Questions 29

A security analyst needs to recommend the best approach to test a new application that simulates abnormal user behavior to find software bugs. Which of the following would best accomplish this task?

Options:

A.

A static analysis to find libraries with flaws handling user inputs

B.

A dynamic analysis using a dictionary to simulate user inputs

C.

Reverse engineering to circumvent software protections

D.

Fuzzing tools with polymorphic methods

Buy Now
Questions 30

A security analyst discovers the company's website is vulnerable to cross-site scripting. Which of the following solutions will best remedy the vulnerability?

Options:

A.

Prepared statements

B.

Server-side input validation

C.

Client-side input encoding

D.

Disabled JavaScript filtering

Buy Now
Questions 31

During a routine security review, anomalous traffic from 9.9.9.9 was observed accessing a web server in the corporate perimeter network. The server is mission critical and must remain accessible around the world to serve web content. The Chief Information Security Officer has directed that improper traffic must be restricted. The following output is from the web server:

CS0-002 Question 31

Which of the following is the best method to accomplish this task?

Options:

A.

Adjusting the IDS to block anomalous activity

B.

Implementing port security

C.

Adding 9.9.9.9 to the blocklist

D.

Adjusting the firewall

Buy Now
Questions 32

During an investigation, an analyst discovers the following rule in an executive's email client:

CS0-002 Question 32

The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?

Options:

A.

Check the server logs to evaluate which emails were sent to .

B.

Use the SIEM to correlate logging events from the email server and the domain server.

C.

Remove the rule from the email client and change the password.

D.

Recommend that the management team implement SPF and DKIM.

Buy Now
Questions 33

Which of the following is a vulnerability associated with the Modbus protocol?

Options:

A.

Weak encryption

B.

Denial of service

C.

Unchecked user input

D.

Lack of authentication

Buy Now
Questions 34

A company is building a new internal network. Instead of creating new credentials, the company wants to streamline each employee's authentication. Which of the following technologies would best fulfill this requirement?

Options:

A.

VPN

B.

SSO

C.

SAML

D.

MFA

Buy Now
Questions 35

A security analyst is reviewing a firewall usage report that contains traffic generated over the last 30 minutes in order to locate unusual traffic patterns:

CS0-002 Question 35

Which of the following source IP addresses does the analyst need to investigate further?

Options:

A.

10.18.76.179

B.

10.50.180.49

C.

192.168.48.147

D.

192.168.100.5

Buy Now
Questions 36

An organization announces that all employees will need to work remotely for an extended period of time. All employees will be provided with a laptop and supported hardware to facilitate this requirement. The organization asks the information security division to reduce the risk during this time. Which of the following is a technical control that will reduce the risk of data loss if a laptop is lost or stolen?

Options:

A.

Requiring the use of the corporate VPN

B.

Requiring the screen to be locked after five minutes of inactivity

C.

Requiring the laptop to be locked in a cabinet when not in use

D.

Requiring full disk encryption

Buy Now
Questions 37

A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations Which of the following steps in the intelligence cycle is the security analyst performing?

Options:

A.

Analysis and production

B.

Processing and exploitation

C.

Dissemination and evaluation

D.

Data collection

E.

Planning and direction

Buy Now
Questions 38

A manufacturing company has joined the information sharing and analysis center for its sector. As a benefit, the company will receive structured loC data contributed by other members. Which of the following best describes the utility of this data?

Options:

A.

Other members will have visibility into Instances o' positive loC identification within me manufacturing company's corporate network.

B.

The manufacturing company will have access to relevant malware samples from all other manufacturing sector members.

C.

Other members will automatically adjust their security postures lo defend the manufacturing company's processes.

D.

The manufacturing company can automatically generate security configurations for all of Its Infrastructure.

Buy Now
Questions 39

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

Options:

A.

Security regression testing

B.

Code review

C.

User acceptance testing

D.

Stress testing

Buy Now
Questions 40

Which of the following activities is designed to handle a control

failure that leads to a breach?

Options:

A.

Risk assessment

B.

Incident management

C.

Root cause analysis

D.

Vulnerability management

Buy Now
Questions 41

A security analyst is investigate an no client related to an alert from the threat detection platform on a host (10.0 1.25) in a staging environment that could be running a cryptomining tool because it in sending traffic to an IP address that are related to Bitcoin.

The network rules for the instance are the following:

CS0-002 Question 41

Which of the following is the BEST way to isolate and triage the host?

Options:

A.

Remove rules 1.2. and 3.

B.

Remove rules 1.2. 4. and 5.

C.

Remove rules 1.2. 3.4. and 5.

D.

Remove rules 1.2. and 5.

E.

Remove rules 1.4. and 5.

F.

Remove rules 4 and 5

Buy Now
Questions 42

A security analyst discovers suspicious host activity while performing monitoring activities. The analyst pulls a packet capture for the activity and sees the following:

CS0-002 Question 42

Which of the following describes what has occurred?

Options:

A.

The host attempted to download an application from utoftor.com.

B.

The host downloaded an application from utoftor.com.

C.

The host attempted to make a secure connection to utoftor.com.

D.

The host rejected the connection from utoftor.com.

Buy Now
Questions 43

A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

Options:

A.

detection and prevention capabilities to improve.

B.

which systems were exploited more frequently.

C.

possible evidence that is missing during forensic analysis.

D.

which analysts require more training.

E.

the time spent by analysts on each of the incidents.

Buy Now
Questions 44

Which of the following ICS network protocols has no inherent security functions on TCP port 502?

Options:

A.

CIP

B.

DHCP

C.

SSH

D.

Modbus

Buy Now
Questions 45

A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?

Options:

A.

A TXT record on the name server for SPF

B.

DNSSEC keys to secure replication

C.

Domain Keys identified Man

D.

A sandbox to check incoming mad

Buy Now
Questions 46

A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal. Which of the following is the BEST manner in which to dispose of the hardware appliance?

Options:

A.

Ensure the hardware appliance has the ability to encrypt the data before disposing of it.

B.

Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies.

C.

Return the hardware appliance to the vendor, as the vendor is responsible for disposal.

D.

Establish guidelines for the handling of sensitive information.

Buy Now
Questions 47

Which of the following APT adversary archetypes represent non-nation-state threat actors? (Select TWO)

Options:

A.

Kitten

B.

Panda

C.

Tiger

D.

Jackal

E.

Bear

F.

Spider

Buy Now
Questions 48

During an Incident, it Is determined that a customer database containing email addresses, first names, and last names was exfiltrated. Which ot the following should the security analyst do NEXT?

Options:

A.

Consult with the legal department for regulatory impact.

B.

Encrypt the database with available tools.

C.

Email the customers to inform them of the breach.

D.

Follow the incident communications process.

Buy Now
Questions 49

Which of the following is the BEST option to protect a web application against CSRF attacks?

Options:

A.

Update the web application to the latest version.

B.

Set a server-side rate limit for CSRF token generation.

C.

Avoid the transmission of CSRF tokens using cookies.

D.

Configure the web application to only use HTTPS and TLS 1.3.

Buy Now
Questions 50

The majority of a company's employees have stated they are unable to perform their job duties due to outdated workstations, so the company has decided to institute BYOD. Which of the following would a security analyst MOST likely recommend for securing the proposed solution?

Options:

A.

A Linux-based system and mandatory training on Linux for all BYOD users

B.

A firewalled environment for client devices and a secure VDl for BYOO users

C.

A standardized anti-malware platform and a unified operating system vendor

D.

802.1X lo enforce company policy on BYOD user hardware

Buy Now
Questions 51

industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices. The attacks used privilege escalation to gain access to SCADA administration and access management solutions would help to mitigate this risk?

Options:

A.

Multifactor authentication

B.

Manual access reviews

C.

Endpoint detection and response

D.

Role-based access control

Buy Now
Questions 52

You are a penetration tester who is reviewing the system hardening guidelines for a company. Hardening guidelines indicate the following.

  • There must be one primary server or service per device.
  • Only default port should be used
  • Non- secure protocols should be disabled.
  • The corporate internet presence should be placed in a protected subnet

Instructions :

  • Using the available tools, discover devices on the corporate network and the services running on these devices.

You must determine

  • ip address of each device
  • The primary server or service each device
  • The protocols that should be disabled based on the hardening guidelines

CS0-002 Question 52

CS0-002 Question 52

Options:

Buy Now
Questions 53

A systems administrator believes a user's workstation has been compromised. The workstation's performance has been lagging significantly for the past several hours. The administrator runs the task list

/ v command and receives the following output:

CS0-002 Question 53

Which of the following should a security analyst recognize as an indicator of compromise?

Options:

A.

dwm.exe being executed under the user context

B.

The high usage of vscode. exe * 32

C.

The abnormal behavior of paint.exe

D.

svchost.exe being executed as SYSTEM

Buy Now
Questions 54

After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?

Options:

A.

Make a backup of the server and update the JBoss server that is running on it.

B.

Contact the vendor for the legacy application and request an updated version.

C.

Create a proper DMZ for outdated components and segregate the JBoss server.

D.

Apply visualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.

Buy Now
Questions 55

A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:

CS0-002 Question 55

CS0-002 Question 55

Which of the following technologies would MOST likely be used to prevent this phishing attempt?

Options:

A.

DNSSEC

B.

DMARC

C.

STP

D.

S/IMAP

Buy Now
Questions 56

An organization has a policy that requires dedicated user accounts to run programs that need elevated privileges. Users must be part of a group that allows elevated permissions. While reviewing security logs, an analyst sees the following:

CS0-002 Question 56

Which of the following hosts violates the organizational policies?

Options:

A.

pacer

B.

ford

C.

gremlin

D.

lincoln

Buy Now
Questions 57

A small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control?

Options:

A.

Deterrent

B.

Preventive

C.

Compensating

D.

Detective

Buy Now
Questions 58

A security analyst notices the following entry while reviewing the server togs

OR 1=1' ADD USER attacker' PW 1337password' ----

Which of the following events occurred?

Options:

A.

CSRF

B.

XSS

C.

SQLi

D.

RCE

Buy Now
Questions 59

A Chief Information Secunty Officer has asked for a list of hosts that have critical and high-seventy findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?

Options:

A.

Nessus

B.

Nikto

C.

Fuzzer

D.

Wireshark

E.

Prowler

Buy Now
Questions 60

A product security analyst has been assigned to evaluate and validate a new products security capabilities Part of the evaluation involves reviewing design changes at specific intervals tor security deficiencies recommending changes and checking for changes at the next checkpoint Which of the following BEST defines the activity being conducted?

Options:

A.

User acceptance testing

B.

Stress testing

C.

Code review

D.

Security regression testing

Buy Now
Questions 61

A company uses an FTP server to support its critical business functions The FTP server is configured as follows:

• The FTP service is running with (he data duectory configured in /opt/ftp/data.

• The FTP server hosts employees' home aVectories in /home

• Employees may store sensitive information in their home directories

An loC revealed that an FTP director/ traversal attack resulted in sensitive data loss Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

Options:

A.

Implement file-level encryption of sensitive files

B.

Reconfigure the FTP server to support FTPS

C.

Run the FTP server n a chroot environment

D.

Upgrade the FTP server to the latest version

Buy Now
Questions 62

An organization wants to collect loCs from multiple geographic regions so it can sell the information to its customers. Which of the following should the organization deploy to accomplish this task?

Options:

A.

A honeypot

B.

A bastion host

C.

A proxy server

D.

A Jumpbox

Buy Now
Questions 63

An analyst needs to understand how an attacker compromised a server. Which of the following procedures will best deliver the information that is necessary to reconstruct the steps taken by the attacker?

Options:

A.

Scan the affected system with an anti-malware tool and check for vulnerabilities with a vulnerability scanner.

B.

Extract the server's system timeline, verifying hashes and network connections during a certain time frame.

C.

Clone the entire system and deploy it in a network segment built for tests and investigations while monitoring the system during a certain time frame.

D.

Clone the server's hard disk and extract all the binary files, comparing hash signatures with malware databases.

Buy Now
Questions 64

A company frequently expenences issues with credential stuffing attacks Which of the following is the BEST control to help prevent these attacks from being successful?

Options:

A.

SIEM

B.

IDS

C.

MFA

D.

TLS

Buy Now
Questions 65

A company has alerted planning the implemented a vulnerability management procedure. However, to security maturity level is low, so there are some prerequisites to complete before risk calculation and prioritization. Which of the following should be completed FIRST?

Options:

A.

A business Impact analysis

B.

A system assessment

C.

Communication of the risk factors

D.

A risk identification process

Buy Now
Questions 66

An organization has the following risk mitigation policies

• Risks without compensating controls will be mitigated first it the nsk value is greater than $50,000

• Other nsk mitigation will be pnontized based on risk value.

The following risks have been identified:

CS0-002 Question 66

Which of the following is the ordei of priority for risk mitigation from highest to lowest?

Options:

A.

A, C, D, B

B.

B, C, D, A

C.

C, B, A, D

D.

C. D, A, B

E.

D, C, B, A

Buy Now
Questions 67

Which of the following describes the mam difference between supervised and unsupervised machine-learning algorithms that are used in cybersecurity applications?

Options:

A.

Supervised algorithms can be used to block attacks, while unsupervised algorithms cannot.

B.

Supervised algorithms require security analyst feedback, while unsupervised algorithms do not.

C.

Unsupervised algorithms are not suitable for IDS systems, white supervised algorithms are

D.

Unsupervised algorithms produce more false positives. Than supervised algorithms.

Buy Now
Questions 68

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an appropriate course of action?

Options:

A.

Automate the use of a hashing algorithm after verified users make changes to their data.

B.

Use encryption first and then hash the data at regular, defined times.

C.

Use a DLP product to monitor the data sets for unauthorized edits and changes.

D.

Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.

Buy Now
Questions 69

A code review reveals a web application is using lime-based cookies for session management. This is a security concern because lime-based cookies are easy to:

Options:

A.

parameterize.

B.

decode.

C.

guess.

D.

decrypt.

Buy Now
Questions 70

A company's application development has been outsourced to a third-party development team. Based on the SLA. The development team must follow industry best practices for secure coding. Which of the following is the BEST way to verify this agreement?

Options:

A.

Input validation

B.

Security regression testing

C.

Application fuzzing

D.

User acceptance testing

E.

Stress testing

Buy Now
Questions 71

The following output is from a tcpdump al the edge of the corporate network:

CS0-002 Question 71

Which of the following best describes the potential security concern?

Options:

A.

Payload lengths may be used to overflow buffers enabling code execution.

B.

Encapsulated traffic may evade security monitoring and defenses

C.

This traffic exhibits a reconnaissance technique to create network footprints.

D.

The content of the traffic payload may permit VLAN hopping.

Buy Now
Questions 72

A security manager has asked an analyst to provide feedback on the results of a penetration test. After reviewing the results, the manager requests

information regarding the possible exploitation of vulnerabilities. Which of the following information data points would be MOST useful for the analyst

to provide to the security manager, who would then communicate the risk factors to the senior management team? (Select TWO).

Options:

A.

Probability

B.

Adversary capability

C.

Attack vector

D.

Impact

E.

Classification

F.

Indicators of compromise

Buy Now
Questions 73

A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output:

CS0-002 Question 73

Which of the following commands should the administrator run next to further analyze the compromised system?

Options:

A.

gbd /proc/1301

B.

rpm -V openssh-server

C.

/bin/Is -1 /proc/1301/exe

D.

kill -9 1301

Buy Now
Questions 74

An analyst determines a security incident has occurred Which of the following is the most appropnate NEXT step in an incident response plan?

Options:

A.

Consult the malware analysis process

B.

Consult the disaster recovery plan

C.

Consult the data classification process

D.

Consult the communications plan

Buy Now
Questions 75

A security analyst is trying to track physical locations of threat actors via SIEM log information. However, correlating IP addresses with geolocation is taking a long time, so the analyst asks a security engineer to add geolocation to the SIEM tool. This is an example of using:

Options:

A.

security orchestration, automation, and response.

B.

continuous integration.

C.

data enrichment.

D.

threat feeds.

Buy Now
Questions 76

A manager asks a security analyst lo provide the web-browsing history of an employee. Which of the following should the analyst do first?

Options:

A.

Obtain permission to perform the search.

B.

Obtain the web-browsing history from the proxy.

C.

Obtain the employee's network ID to form the query.

D.

Download the browsing history, encrypt it. and hash it

Buy Now
Questions 77

A security analyst needs to determine the best method for securing access to a top-secret datacenter Along with an access card and PIN code, which of the following additional authentication methods would be BEST to enhance the datacenter's security?

Options:

A.

Physical key

B.

Retinal scan

C.

Passphrase

D.

Fingerprint

Buy Now
Questions 78

A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the most appropriate product category for this purpose?

Options:

A.

SCAP

B.

SOAR

C.

UEBA

D.

WAF

Buy Now
Questions 79

While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:

CS0-002 Question 79

The analyst accesses the server console, and the following console messages are displayed:

CS0-002 Question 79

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

CS0-002 Question 79

Which of the following is the BEST step for the analyst to lake next in this situation?

Options:

A.

Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server

B.

After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.

C.

Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.

D.

Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.

Buy Now
Questions 80

A security analyst observes a large amount of scanning activity coming from an IP address outside the organization's environment. Which of the following should the analyst do to block this activity?

Options:

A.

Create an IPS rule to block the subnet.

B.

Sinkhole the IP address.

C.

Create a firewall rule to block the IP address.

D.

Close all unnecessary open ports.

Buy Now
Questions 81

A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised. Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?

Options:

A.

Deploy an edge firewall.

B.

Implement DLP

C.

Deploy EDR.

D.

Encrypt the hard drives

Buy Now
Questions 82

A cybersecunty analyst needs to harden a server that is currently being used as a web server The server needs to be accessible when entenng www company com into the browser Additionally web pages require frequent updates which are performed by a remote contractor Given the following output:

CS0-002 Question 82

Which of the following should the cybersecunty analyst recommend to harden the server? (Select TWO).

Options:

A.

Uninstall the DNS service

B.

Perform a vulnerability scan

C.

Change the server's IP to a private IP address

D.

Disable the Telnet service

E.

Block port 80 with the host-based firewall

F.

Change the SSH port to a non-standard port

Buy Now
Questions 83

A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two).

Options:

A.

Memory cache

B.

Registry file

C.

SSD storage

D.

Temporary filesystems

E.

Packet decoding

F.

Swap volume

Buy Now
Questions 84

A small organization has proprietary software that is used internally. The system has not been wen maintained and cannot be updated with the rest or the environment. Which of the following is the BEST solution?

Options:

A.

virtualize the system and decommission the physical machine.

B.

Remove it from the network and require air gapping.

C.

Implement privileged access management for identity access.

D.

Implement MFA on the specific system.

Buy Now
Questions 85

A technician working at company.com received the following email:

CS0-002 Question 85

After looking at the above communication, which of the following should the technician recommend to the security team to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets?

Options:

A.

Forwarding of corporate email should be disallowed by the company.

B.

A VPN should be used to allow technicians to troubleshoot computer issues securely.

C.

An email banner should be implemented to identify emails coming from external sources.

D.

A rule should be placed on the DLP to flag employee IDs and serial numbers.

Buy Now
Questions 86

A company is setting up a small, remote office to support five to ten employees. The company's home office is in a different city, where the company uses a cloud service provider for its business applications and a local server to host its data. To provide shared access from the remote office to the local server and the business applications, which of the following would be the easiest and most secure solution?

Options:

A.

Use a VPC to host the company's data and keep the current solution for the business applications.

B.

Use a new server for the remote office to host the data and keep the current solution for the business applications.

C.

Use a VDI for the home office and keep the current solution for the business applications.

D.

Use a VPN to access the company's data in the home office and keep the current solution for the business applications.

Buy Now
Questions 87

An organization wants to implement a privileged access management solution to belter manage the use of emergency and privileged service accounts Which of the following would BEST satisfy the organization's goal?

Options:

A.

Access control lists

B.

Discretionary access controls

C.

Policy-based access controls

D.

Credential vaulting

Buy Now
Questions 88

A Chief Information Officer wants to implement a BYOD strategy for all company laptops and mobile phones. The Chief Information Security Officer is concerned with ensuring all devices are patched and running some sort of protection against malicious software. Which of the following existing technical controls should a security analyst recommend to best meet all the requirements?

Options:

A.

EDR

B.

Port security

C.

NAC

D.

Segmentation

Buy Now
Questions 89

A user receives a potentially malicious attachment that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would most likely indicate if the email is malicious?

Options:

A.

sha256sum ~/Desktop/fi1e.pdf

B.

/bin/;s -1 ~/Desktop/fi1e.pdf

C.

strings ~/Desktop/fi1e.pdf | grep -i “

D.

cat < ~/Desktop/file.pdf | grep —i .exe

Buy Now
Questions 90

A security analyst is reviewing WAF logs and notes requests against the corporate website are increasing and starting to impact the performance of the web server. The security analyst queries the logs for requests that triggered an alert on the WAF but were not blocked. Which of the following possible TTP combinations might warrant further investigation? (Select TWO).

Options:

A.

Requests identified by a threat intelligence service with a bad reputation

B.

Requests sent from the same IP address using different user agents

C.

Requests blocked by the web server per the input sanitization

D.

Failed log-in attempts against the web application

E.

Requests sent by NICs with outdated firmware

F.

Existence of HTTP/501 status codes generated to the same IP address

Buy Now
Questions 91

A Chief Information Security Officer has asked for a list of hosts that have critical and high-severity findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?

Options:

A.

Nessus

B.

Nikto

C.

Fuzzer

D.

Wireshark

E.

Prowler

Buy Now
Questions 92

According to a static analysis report for a web application, a dynamic code evaluation script injection vulnerability was found. Which of the following actions is the BEST option to fix the vulnerability in the source code?

Options:

A.

Delete the vulnerable section of the code immediately.

B.

Create a custom rule on the web application firewall.

C.

Validate user input before execution and interpretation.

D.

Use parameterized queries.

Buy Now
Questions 93

During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following, should the analyst use to extract human-readable content from the partition?

Options:

A.

strings

B.

head

C.

fsstat

D.

dd

Buy Now
Questions 94

During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity The analyst also notes there is no other alert in place for this traffic After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

Options:

A.

Share details of the security incident with the organization's human resources management team

B.

Note the security incident so other analysts are aware the traffic is malicious

C.

Communicate the security incident to the threat team for further review and analysis

D.

Report the security incident to a manager for inclusion in the daily report

Buy Now
Questions 95

An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to at the use of the cloud hosted hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability?

Options:

A.

Sandbox the virtual machine.

B.

Implement an MFA solution.

C.

Update lo the secure hypervisor version.

D.

Implement dedicated hardware for each customer.

Buy Now
Questions 96

An application has been updated to fix a vulnerability. Which of the following would ensure that previously patched vulnerabilities have not been reintroduced?

Options:

A.

Stress testing

B.

Regression testing

C.

Code review

D.

Peer review

Buy Now
Questions 97

An organization needs to secure sensitive data on its critical networks by implementing controls to mitigate APTs. The current policy does not provide any guidance or processes that support the mitigation of APTs. Which of the following technologies should the organization implement lo secure sensitive data? (Select two).

Options:

A.

WAF

B.

VPN

C.

VPC

D.

IPS

E.

SIEM

F.

SSO

Buy Now
Questions 98

A company needs to expand Its development group due to an influx of new feature requirements (rom Its customers. To do so quickly, the company is using Junior-level developers to fill in as needed. The company has found a number of vulnerabilities that have a direct correlation to the code contributed by the junior-level developers. Which of the following controls would best help to reduce the number of software vulnerabilities Introduced by this situation?

Options:

A.

Requiring senior-level developers to review code written by junior-level developers

B.

Hiring senior-level developers only

C.

Allowing only senior-level developers to write code for new features

D.

Using authorized source code repositories only

Buy Now
Questions 99

While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certAcate authority that is only used to sign intermediate certificates. Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Select TWO)

Options:

A.

On a private VLAN

B.

Full disk encrypted

C.

Powered off

D.

Backed up hourly

E.

VPN accessible only

F.

Air gapped

Buy Now
Questions 100

An incident response team is responding to a breach of multiple systems that contain Pll and PHI Disclosure of the incident to external entities should be based on:

Options:

A.

the responder's discretion.

B.

the public relations policy.

C.

the communication plan.

D.

the senior management team's guidance.

Buy Now
Questions 101

Which of the following types of controls defines placing an ACL on a file folder?

Options:

A.

Technical control

B.

Confidentiality control

C.

Managerial control

D.

Operational control

Buy Now
Questions 102

A security analyst is reviewing vulnerability scans from an organization's internet-facing web services. The following is from an output file called ssl-test_webapps.comptia.org:

CS0-002 Question 102

CS0-002 Question 102

Which of the following lines from this output most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key?

Options:

A.

TLS_RSA_WITH_DES_CBC_SHA 56

B.

TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)

C.

TLS_RSA_K1TH_A£S_256_CBC_SHA 256

D.

TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)

Buy Now
Questions 103

A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:

$ sudo nc —1 —v —e maildaemon.py 25 > caplog.txt

Which of the following solutions did the analyst implement?

Options:

A.

Log correlation

B.

Crontab mail script

C.

Sinkhole

D.

Honeypot

Buy Now
Questions 104

At which of the following phases of the SDLC shoukJ security FIRST be involved?

Options:

A.

Design

B.

Maintenance

C.

Implementation

D.

Analysis

E.

Planning

F.

Testing

Buy Now
Questions 105

An analyst is coordinating with the management team and collecting several terabytes of data to analyze using advanced mathematical techniques in order to find patterns and correlations in events and activities. Which of the following describes what the analyst is doing?

Options:

A.

Data visualization

B.

SOAR

C.

Machine learning

D.

SCAP

Buy Now
Questions 106

Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

Options:

A.

Logging and monitoring are not needed in a public cloud environment

B.

Logging and monitoring are done by the data owners

C.

Logging and monitoring duties are specified in the SLA and contract

D.

Logging and monitoring are done by the service provider

Buy Now
Questions 107

A cybersecurity analyst is researching operational data to develop a script that will detect the presence of a threat on corporate assets. Which of the following contains the most useful information to produce this script?

Options:

A.

API documentation

B.

Protocol analysis captures

C.

MITRE ATT&CK reports

D.

OpenloC files

Buy Now
Questions 108

A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed:

CS0-002 Question 108

Which of the following options can the analyst conclude based on the provided output?

Options:

A.

The scanning vendor used robots to make the scanning job faster

B.

The scanning job was successfully completed, and no vulnerabilities were detected

C.

The scanning job did not successfully complete due to an out of scope error

D.

The scanner executed a crawl process to discover pages to be assessed

Buy Now
Questions 109

A Chief Information Security Officer has requested a security measure be put in place to redirect certain traffic on the network. Which of the following would best resolve this issue?

Options:

A.

Sinkholing

B.

Blocklisting

C.

Geoblocking

D.

Sandboxing

Buy Now
Questions 110

A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it. Which of the following threats applies to this situation?

Options:

A.

Potential data loss to external users

B.

Loss of public/private key management

C.

Cloud-based authentication attack

D.

Identification and authentication failures

Buy Now
Questions 111

Forming a hypothesis, looking for indicators of compromise, and using the findings to proactively improve detection capabilities are examples of the value of:

Options:

A.

vulnerability scanning.

B.

threat hunting.

C.

red learning.

D.

penetration testing.

Buy Now
Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Apr 18, 2024
Questions: 372

PDF + Testing Engine

$74.7  $165.99

Testing Engine

$51.75  $114.99
buy now CS0-002 testing engine

PDF (Q&A)

$47.25  $104.99
buy now CS0-002 pdf