
CS0-002 CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Questions 4

An employee was found to have performed fraudulent activities. The employee was dismissed, and the employee's laptop was sent to the IT service desk to undergo a data sanitization procedure. However, the security analyst responsible for the investigation wants to avoid data sanitization. Which of the following can the security analyst use to justify the request?

Options:

A.

Data retention

B.

Evidence retention

C.

GDPR

D.

Data correlation procedure

Questions 5

Which of the following session management techniques will help to prevent a session identifier from being stolen via an XSS attack?

Options:

A.

Ensuring the session identifier length is sufficient

B.

Creating proper session identifier entropy

C.

Applying a secure attribute on session cookies

D.

Utilizing transport layer encryption on all requests

E.

Implementing session cookies with the HttpOnly flag

Questions 6

Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?

Options:

A.

Configuring a firewall to block traffic on ports that use ActiveX controls

B.

Adjusting the web-browser settings to block ActiveX controls

C.

Installing network-based IPS to block malicious ActiveX code

D.

Deploying HIPS to block malicious ActiveX code

Questions 7

An organization is experiencing issues with emails that are being sent to external recipients. Incoming emails to the organization are working fine. A security analyst receives the following screenshot of an email error from the help desk.

CS0-002 Question 7

The analyst then checks the email server and sees many of the following messages in the logs.

Error 550 - Message rejected

Which of the following is MOST likely the issue?

Options:

A.

The DMARC queue is full

B.

SPF is failing.

C.

Port 25 is not open.

D.

The DKIM private key has expired

Questions 8

A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:

CS0-002 Question 8

The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of the following BEST describes the situation?

Options:

A.

This is a false positive and the scanning plugin needs to be updated by the vendor

B.

This is a true negative and the new computers have the correct version of the software

C.

This is a true positive and the new computers were imaged with an old version of the software

D.

This is a false negative and the new computers need to be updated by the desktop team

Questions 9

Portions of a legacy application are being refactored to discontinue the use of dynamic SQL. Which of the following would be BEST to implement in the legacy application?

Options:

A.

Multifactor authentication

B.

Web-application firewall

C.

SQL injection

D.

Parameterized queries

E.

Input validation

Questions 10

A security analyst is reviewing the following requirements for new time clocks that will be installed in a shipping warehouse:

• The clocks must be configured so they do not respond to ARP broadcasts.

• The server must be configured with static ARP entries for each clock.

Which of the following types of attacks will this configuration mitigate?

Options:

A.

Spoofing

B.

Overflows

C.

Rootkits

D.

Sniffing

Questions 11

An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network. Which of the following schedules BEST addresses these requirements?

Options:

A.

Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans

B.

Monthly vulnerability scans, biweekly topology scans, daily host discovery scans

C.

Monthly host discovery scans; biweekly vulnerability scans, monthly topology scans

D.

Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans

Questions 12

A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week. Which of the following will enable the analyst to obtain the BEST results?

Options:

A.

tcpdump -n -r internet.pcap host

B.

strings internet.pcap | grep

C.

grep -a internet.pcap

D.

npcapd internet.pcap | grep

Questions 13

Given the Nmap request below:

CS0-002 Question 13

Which of the following actions will an attacker be able to initiate directly against this host?

Options:

A.

Password sniffing

B.

ARP spoofing

C.

A brute-force attack

D.

An SQL injection

Questions 14

During an investigation, an analyst discovers the following rule in an executive’s email client:

IF * TO THEN mailto:

SELECT FROM ‘sent’ THEN DELETE FROM

The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

Options:

A.

Check the server logs to evaluate which emails were sent to

B.

Use the SIEM to correlate logging events from the email server and the domain server

C.

Remove the rule from the email client and change the password

D.

Recommend that management implement SPF and DKIM

Questions 15

A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:

CS0-002 Question 15

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

Options:

A.

Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.

B.

Examine the server logs for further indicators of compromise of a web application.

C.

Run kill -9 1325 to bring the load average down so the server is usable again.

D.

Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.

Questions 16

A newly appointed Chief Information Security Officer (CISO) has completed a risk assessment review of the organization and wants to reduce the numerous risks that were identified. Which of the following will provide a trend of risk mitigation?

Options:

A.

Risk response

B.

Risk analysis

C.

Planning

D.

Oversight

E.

Continuous monitoring

Questions 17

Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.

Which of the following would BEST provide this solution?

Options:

A.

File fingerprinting

B.

Decomposition of malware

C.

Risk evaluation

D.

Sandboxing

Questions 18

The Chief Information Officer (CIO) for a large manufacturing organization has noticed a significant number of unknown devices with possible malware infections are on the organization's corporate network.

Which of the following would work BEST to prevent the issue?

Options:

A.

Reconfigure the NAC solution to prevent access based on a full device profile and ensure antivirus is installed.

B.

Segment the network to isolate all systems that contain highly sensitive information, such as intellectual property.

C.

Implement certificate validation on the VPN to ensure only employees with the certificate can access the company network.

D.

Update the antivirus configuration to enable behavioral and real-time analysis on all systems within the network.

Questions 19

An analyst performs a routine scan of a host using Nmap and receives the following output:

CS0-002 Question 19

Which of the following should the analyst investigate FIRST?

Options:

A.

Port 21

B.

Port 22

C.

Port 23

D.

Port 80

Questions 20

In system hardening, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

Options:

A.

SCAP

B.

Burp Suite

C.

OWASP ZAP

D.

Unauthenticated

Questions 21

A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures.

Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?

Options:

A.

Create an IDS for the current blocklist to determine which domains are showing activity and may need to be removed.

B.

Implement a host-file based solution that will use a list of all domains to deny for all machines on the network

C.

Review the current blocklist to determine which domains can be removed from the list and then update the ACLs and IPS signatures.

D.

Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity to the blocklist and remove the lower-severity threats from it.

Questions 22

Massivelog.log has grown to 40GB on a Windows server. At this size, local tools are unable to read the file, and it cannot be moved off the virtual server where it is located. Which of the following lines of PowerShell script will allow a user to extract the last 10,000 lines of the log for review?

Options:

A.

tail -10000 Massivelog.log > extract.txt

B.

info tail n -10000 Massivelog.log | extract.txt;

C.

get content ‘./Massivelog.log’ –Last 10000 | extract.txt

D.

get-content ‘./Massivelog.log’ –Last 10000 > extract.txt;

Questions 23

A security analyst received an email with the following key:

Xj3XJ3LLc

A second security analyst received an email with following key:

3XJ3xjcLLC

The security manager has informed the two analysts that the email they received is a key that allows access to the company’s financial segment for maintenance. This is an example of:

Options:

A.

dual control

B.

private key encryption

C.

separation of duties

D.

public key encryption

E.

two-factor authentication

Questions 24

Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

Options:

A.

It automatically performs remedial configuration changes to enterprise security services

B.

It enables standard checklist and vulnerability analysis expressions for automation

C.

It establishes a continuous integration environment for software development operations

D.

It provides validation of suspected system vulnerabilities through workflow orchestration

Questions 25

The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server.

CS0-002 Question 25

Given the output, which of the following should the security analyst check NEXT?

Options:

A.

The DNS name of the new email server

B.

The version of SPF that is being used

C.

The IP address of the new email server

D.

The DMARC policy

Questions 26

A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wire transfer. Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

Options:

A.

Implementing a sandboxing solution for viewing emails and attachments

B.

Limiting email from the finance department to recipients on a pre-approved whitelist

C.

Configuring email client settings to display all messages in plaintext when read

D.

Adding a banner to incoming messages that identifies the messages as external

Questions 27

A security analyst recently discovered two unauthorized hosts on the campus's wireless network segment from a man-in-the-middle attack. The security analyst also verified that privileges were not escalated, and the two devices did not gain access to other network devices. Which of the following would BEST mitigate and improve the security posture of the wireless network for this type of attack?

Options:

A.

Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network.

B.

Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router.

C.

Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network

D.

Conduct a wireless survey to determine if the wireless strength needs to be reduced.

Questions 28

A security analyst is investigating a system compromise. The analyst verifies the system was up to date on OS patches at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely exploited?

Options:

A.

Insider threat

B.

Buffer overflow

C.

Advanced persistent threat

D.

Zero day

Questions 29

A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Big Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

Options:

A.

$75,000

B.

$300,000

C.

$1.425 million

D.

$1.5 million

Questions 30

A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.

Which of the following would be the BEST solution to recommend to the director?

Options:

A.

Install a data loss prevention system, and train human resources employees on its use. Provide PII training to all employees at the company. Encrypt PII information.

B.

Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.

C.

Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.

D.

Install specific equipment to create a human resources policy that protects PII data. Train company employees on how to handle PII data. Outsource all PII to another company. Send the human resources director to training for PII handling.

Questions 31

The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization’s email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?

Options:

A.

Post on the company blog

B.

Corporate-hosted encrypted email

C.

VoIP phone call

D.

Summary sent by certified mail

E.

Externally hosted instant message

Questions 32

An analyst has been asked to provide feedback regarding the control required by a revised regulatory framework. At this time, the analyst only needs to focus on the technical controls. Which of the following should the analyst provide an assessment of?

Options:

A.

Tokenization of sensitive data

B.

Establishment of data classifications

C.

Reporting on data retention and purging activities

D.

Formal identification of data ownership

E.

Execution of NDAs

Questions 33

A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached.

Which of the following risk actions has the security committee taken?

Options:

A.

Risk exception

B.

Risk avoidance

C.

Risk tolerance

D.

Risk acceptance

Questions 34

As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO's concerns, the assessor will MOST likely focus on:

Options:

A.

qualitative probabilities.

B.

quantitative probabilities.

C.

qualitative magnitude.

D.

quantitative magnitude.

Questions 35

An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?

Options:

A.

A simulated breach scenario involving the incident response team

B.

Completion of annual information security awareness training by all employees

C.

Tabletop activities involving business continuity team members

D.

Completion of lessons-learned documentation by the computer security incident response team

E.

External and internal penetration testing by a third party

Questions 36

Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?

Options:

A.

Use a UEFI boot password.

B.

Implement a self-encrypted disk.

C.

Configure filesystem encryption

D.

Enable Secure Boot using TPM

Questions 37

While analyzing logs from a WAF, a cybersecurity analyst finds the following:

CS0-002 Question 37

Which of the following BEST describes what the analyst has found?

Options:

A.

This is an encrypted GET HTTP request

B.

A packet is being used to bypass the WAF

C.

This is an encrypted packet

D.

This is an encoded WAF bypass

Questions 38

An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet. An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach. Given the following output:

CS0-002 Question 38

Which of the following should be the focus of the investigation?

Options:

A.

webserver.org-dmz.org

B.

sftp.org-dmz.org

C.

83hht23.org-int.org

D.

ftps.bluemed.net

Questions 39

A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month. The affected servers are virtual machines. Which of the following is the BEST course of action?

Options:

A.

Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses, determine the root cause, remediate, and report.

B.

Report the data exfiltration to management, take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.

C.

Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate.

D.

Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltration, fix any vulnerabilities, remediate, and report.

Questions 40

A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident. The analyst determines backups were not performed during this time and reviews the following:

CS0-002 Question 40

Which of the following should the analyst review to find out how the data was exfiltrated?

Options:

A.

Monday's logs

B.

Tuesday's logs

C.

Wednesday's logs

D.

Thursday's logs

Questions 41

A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client. Which of the following is MOST likely inhibiting the remediation efforts?

Options:

A.

The parties have an MOU between them that could prevent shutting down the systems

B.

There is a potential disruption of the vendor-client relationship

C.

Patches for the vulnerabilities have not been fully tested by the software vendor

D.

There is an SLA with the client that allows very little downtime

Questions 42

An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment. One of the primary concerns is exfiltration of data by malicious insiders. Which of the following controls is the MOST appropriate to mitigate risks?

Options:

A.

Data deduplication

B.

OS fingerprinting

C.

Digital watermarking

D.

Data loss prevention

Questions 43

An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems.

As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?

Options:

A.

Copies of prior audits that did not identify the servers as an issue

B.

Project plans relating to the replacement of the servers that were approved by management

C.

Minutes from meetings in which risk assessment activities addressing the servers were discussed

D.

ACLs from perimeter firewalls showing blocked access to the servers

E.

Copies of change orders relating to the vulnerable servers

Questions 44

During routine monitoring, a security analyst identified the following enterprise network traffic:

Packet capture output:

CS0-002 Question 44

Which of the following BEST describes what the security analyst observed?

Options:

A.

66.187.224.210 set up a DNS hijack with 192.168.12.21.

B.

192.168.12.21 made a TCP connection to 66.187.224.210

C.

192.168.12.21 made a TCP connection to 209.132.177.50

D.

209.132.177.50 set up a TCP reset attack to 192.168.12.21

Questions 45

Due to a rise in cyberattackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the customers' data is protected by the organization internally and externally. Which of the following countermeasures can BEST prevent the loss of customers' sensitive data?

Options:

A.

Implement privileged access management

B.

Implement a risk management process

C.

Implement multifactor authentication

D.

Add more security resources to the environment

Questions 46

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

Options:

A.

Security regression testing

B.

Code review

C.

User acceptance testing

D.

Stress testing

Questions 47

The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or downloaded by employees. The CISO also wants to track the data assets by name, type, content, or data profile.

Which of the following BEST describes what the CISO wants to purchase?

Options:

A.

Asset tagging

B.

SIEM

C.

File integrity monitor

D.

DLP

Questions 48

An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to attack the hypervisor. Through the use of the cloud-hosted hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability?

Options:

A.

Sandbox the virtual machine.

B.

Implement an MFA solution.

C.

Update to the secure hypervisor version.

D.

Implement dedicated hardware for each customer.

Questions 49

A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests. Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

Options:

A.

Implement a secure supply chain program with governance.

B.

Implement blacklisting for IP addresses from outside the country.

C.

Implement strong authentication controls for all contractors.

D.

Implement user behavior analytics for key staff members.

Questions 50

An organization is focused on restructuring its data governance programs, and an analyst has been tasked with surveying sensitive data within the organization. Which of the following is the MOST accurate method for the security analyst to complete this assignment?

Options:

A.

Perform an enterprise-wide discovery scan.

B.

Consult with an internal data custodian.

C.

Review enterprise-wide asset inventory.

D.

Create a survey and distribute it to data owners.

Questions 51

Which of the following types of controls defines placing an ACL on a file folder?

Options:

A.

Technical control

B.

Confidentiality control

C.

Managerial control

D.

Operational control

Questions 52

A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests. Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

Options:

A.

Implement a secure supply chain program with governance

B.

Implement blacklisting for IP addresses from outside the country

C.

Implement strong authentication controls for all contractors

D.

Implement user behavior analytics for key staff members

Questions 53

A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also sees that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

Options:

A.

IDS signatures

B.

Data loss prevention

C.

Port security

D.

Sinkholing

Questions 54

While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it. Which of the following is the BEST solution for the security analyst to implement?

Options:

A.

Block the domain IP at the firewall.

B.

Blacklist the new subnet

C.

Create an IPS rule.

D.

Apply network access control.

Questions 55

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).

Options:

A.

Resetting the phone to factory settings

B.

Rebooting the phone and installing the latest security updates

C.

Documenting the respective chain of custody

D.

Uninstalling any potentially unwanted programs

E.

Performing a memory dump of the mobile device for analysis

F.

Unlocking the device by blowing the eFuse

Questions 56

An organization's Chief Information Security Officer is concerned the proper controls are not in place to identify a malicious insider. Which of the following techniques would be BEST to identify employees who attempt to steal data or do harm to the organization?

Options:

A.

Place a text file named Passwords.txt on the local file server and create a SIEM alert when the file is accessed

B.

Segment the network so workstations are segregated from servers and implement detailed logging on the jumpbox

C.

Perform a review of all users with privileged access and monitor web activity logs from the organization's proxy

D.

Analyze logs to determine if a user is consuming large amounts of bandwidth at odd hours of the day

Questions 57

A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to go offline. Which of the following solutions would work BEST to prevent this from happening again?

Options:

A.

Change management

B.

Application whitelisting

C.

Asset management

D.

Privilege management

Questions 58

A security analyst identified one server that was compromised and used as a data making machine, and a few of the hard drive that was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?

Options:

A.

System timeline reconstruction

B.

System registry extraction

C.

Data carving

D.

Volatile memory analysis

Questions 59

After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:

CS0-002 Question 59

Which of the following is the BEST solution to mitigate this type of attack?

Options:

A.

Implement a better level of user input filters and content sanitization.

B.

Properly configure XML handlers so they do not process sent parameters coming from user inputs.

C.

Use parameterized queries to avoid user inputs from being processed by the server.

D.

Escape user inputs using character encoding conjoined with whitelisting

Questions 60

A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised. Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?

Options:

A.

Deploy an edge firewall.

B.

Implement DLP

C.

Deploy EDR.

D.

Encrypt the hard drives.

Questions 61

An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?

Options:

A.

Require all remote employees to sign an NDA

B.

Enforce geofencing to limit data accessibility

C.

Require users to change their passwords more frequently

D.

Update the AUP to restrict data sharing

Questions 62

During the security assessment of a new application, a tester attempts to log in to the application but receives the following message: "Incorrect password for given username." Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

Options:

A.

Set the web page to redirect to an application support page when a bad password is entered.

B.

Disable error messaging for authentication

C.

Recognize that error messaging does not provide confirmation of the correct element of authentication

D.

Avoid using password-based authentication for the application

Questions 63

Which of the following BEST explains the function of TPM?

Options:

A.

To provide hardware-based security features using unique keys

B.

To ensure platform confidentiality by storing security measurements

C.

To improve management of the OS installation.

D.

To implement encryption algorithms for hard drives

Questions 64

An analyst receives artifacts from a recent intrusion and is able to pull a domain, IP address, email address, and software version. Which of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?

Options:

A.

Infrastructure

B.

Capabilities

C.

Adversary

D.

Victims

Questions 65

An email analysis system notifies a security analyst that the following message was quarantined and requires further review.

CS0-002 Question 65

Which of the following actions should the security analyst take?

Options:

A.

Release the email for delivery due to its importance.

B.

Immediately contact a purchasing agent to expedite.

C.

Delete the email and block the sender.

D.

Purchase the gift cards and submit an expense report.

Questions 66

A development team has asked users to conduct testing to ensure an application meets the needs of the business. Which of the following types of testing does this describe?

Options:

A.

Acceptance testing

B.

Stress testing

C.

Regression testing

D.

Penetration testing

Questions 67

A security analyst is reviewing the following server statistics:

CS0-002 Question 67

Which of the following is MOST likely occurring?

Options:

A.

Race condition

B.

Privilege escalation

C.

Resource exhaustion

D.

VM escape

Questions 68

A company uses an FTP server to support its critical business functions. The FTP server is configured as follows:

• The FTP service is running with the data directory configured in /opt/ftp/data.

• The FTP server hosts employees' home directories in /home.

• Employees may store sensitive information in their home directories.

An IoC revealed that an FTP directory traversal attack resulted in sensitive data loss. Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

Options:

A.

Implement file-level encryption of sensitive files

B.

Reconfigure the FTP server to support FTPS

C.

Run the FTP server in a chroot environment

D.

Upgrade the FTP server to the latest version

Questions 69

During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content. Which of the following is the NEXT step the analyst should take?

Options:

A.

Only allow whitelisted binaries to execute.

B.

Run an antivirus against the binaries to check for malware.

C.

Use file integrity monitoring to validate the digital signature.

D.

Validate the binaries' hashes from a trusted source.

Questions 70

An organisation is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:

CS0-002 Question 70

Which of the following is the order of priority for risk mitigation from highest to lowest?

Options:

A.

A, B, C, D

B.

A, D, B, C

C.

B, C, A, D

D.

C, B, D, A

E.

D, A, C, B

Questions 71

A company’s Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user’s activity session. Which of the following is the BEST technique to address the CISO’s concerns?

Options:

A.

Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.

B.

Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.

C.

Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.

D.

Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.

Questions 72

The Chief Executive Officer (CEO) of a large insurance company has reported phishing emails that contain malicious links are targeting the entire organization. Which of the following actions would work BEST to prevent this type of attack?

Options:

A.

Turn on full behavioral analysis to avert an infection

B.

Implement an EDR mail module that will rewrite and analyze email links.

C.

Reconfigure the EDR solution to perform real-time scanning of all files

D.

Ensure EDR signatures are updated every day to avert infection.

E.

Modify the EDR solution to use heuristic analysis techniques for malware.

Questions 73

A security team identified some specific known tactics and techniques to help mitigate repeated credential access threats, such as account manipulation and brute forcing. Which of the following frameworks or models did the security team MOST likely use to identify the tactics and techniques?

Options:

A.

Kill chain

B.

Diamond Model of Intrusion Analysis

C.

MITRE ATT&CK

D.

ITIL

Questions 74

A company creates digitally signed packages for its devices. Which of the following BEST describes the method by which the security packages are delivered to the company's customers?

Options:

A.

Trusted firmware updates

B.

SELinux

C.

eFuse

D.

Anti-tamper mechanism

Questions 75

Which of the following sources will provide the MOST relevant threat intelligence data to the security team of a dental care network?

Options:

A.

Open threat exchange

B.

H-ISAC

C.

Dark web chatter

D.

Dental forums

Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Dec 5, 2022
Questions: 506
