New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

CS0-002 CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Questions 4

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an appropriate course of action?

Options:

A.

Automate the use of a hashing algorithm after verified users make changes to their data.

B.

Use encryption first and then hash the data at regular, defined times.

C.

Use a DLP product to monitor the data sets for unauthorized edits and changes.

D.

Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.

Buy Now
Questions 5

A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:

$ sudo nc —1 —v —e maildaemon.py 25 > caplog.txt

Which of the following solutions did the analyst implement?

Options:

A.

Log correlation

B.

Crontab mail script

C.

Sinkhole

D.

Honeypot

Buy Now
Questions 6

Company A is m the process of merging with Company B As part of the merger, connectivity between the ERP systems must be established so portent financial information can be shared between the two entitles. Which of the following will establish a more automated approach to secure data transfers between the two entities?

Options:

A.

Set up an FTP server that both companies can access and export the required financial data to a folder.

B.

Set up a VPN between Company A and Company B. granting access only lo the ERPs within the connection

C.

Set up a PKI between Company A and Company B and Intermediate shared certificates between the two entities

D.

Create static NATs on each entity's firewalls that map lo the ERP systems and use native ERP authentication to allow access.

Buy Now
Questions 7

A security analyst is reviewing a firewall usage report that contains traffic generated over the last 30 minutes in order to locate unusual traffic patterns:

Which of the following source IP addresses does the analyst need to investigate further?

Options:

A.

10.18.76.179

B.

10.50.180.49

C.

192.168.48.147

D.

192.168.100.5

Buy Now
Questions 8

During an incident investigation, a security analyst discovers the web server is generating an unusually high volume of logs The analyst observes the following response codes:

• 20% of the logs are 403

• 20% of the logs are 404

• 50% of the logs are 200

• 10% of the logs are other codes

The server generates 2MB of logs on a daily basis, and the current day log is over 200MB. Which of the following commands should the analyst use to identify the source of the activity?

Options:

A.

cat access_log Igrep " 403 "

B.

cat access_log Igrep " 200 "

C.

cat access_log Igrep " 100 "

D.

cat access_log Igrep " 4 04 "

E.

cat access_log Igrep " 204 "

Buy Now
Questions 9

A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:

Which of the following is the MOST likely solution to the listed vulnerability?

Options:

A.

Enable the browser's XSS filter.

B.

Enable Windows XSS protection

C.

Enable the browser's protected pages mode

D.

Enable server-side XSS protection

Buy Now
Questions 10

In web application scanning, static analysis refers to scanning:

Options:

A.

the system for vulnerabilities before installing the application.

B.

the compiled code of the application to detect possible issues.

C.

an application that is installed and active on a system.

D.

an application that is installed on a system that is assigned a static IP.

Buy Now
Questions 11

An incident response team detected malicious software that could have gained access to credit card data. The incident response team was able to mitigate significant damage and implement corrective actions. By having incident response mechanisms in place. Which of the following should be notified for lessons learned?

Options:

A.

The human resources department

B.

Customers

C.

Company leadership

D.

The legal team

Buy Now
Questions 12

Several operator workstations are exhibiting unusual behavior, including applications loading slowly, temporary files being overwritten, and reboot notifications to apply antivirus signatures. During an investigation, an analyst finds evidence of Bitcoin mining. Which of the following is the first step the analyst should take to prevent further spread of the mining operation?

Options:

A.

Reboot each host that is exhibiting the behaviors.

B.

Enable the host-based firewalls to prevent further activity.

C.

Quarantine all the impacted hosts for forensic analysis.

D.

Notify users to turn off all affected devices.

Buy Now
Questions 13

A Chief Information Secunty Officer has asked for a list of hosts that have critical and high-seventy findings as referenced in the CVE database. Which of the following tools would produce the assessment output needed to satisfy this request?

Options:

A.

Nessus

B.

Nikto

C.

Fuzzer

D.

Wireshark

E.

Prowler

Buy Now
Questions 14

A network appliance manufacturer is building a new generation of devices and would like to include chipset security improvements. The management team wants the security team to implement a method to prevent security weaknesses that could be reintroduced by downgrading the firmware version on the chipset. Which of the following would meet this objective?

Options:

A.

UEFI

B.

A hardware security module

C.

eFUSE

D.

Certificate signed updates

Buy Now
Questions 15

The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's singe internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT Department?

Options:

A.

Require the guest machines to install the corporate-owned EDR solution.

B.

Configure NAC to only allow machines on the network that are patched and have active antivirus.

C.

Place a firewall In between the corporate network and the guest network

D.

Configure the IPS with rules that will detect common malware signatures traveling from the guest network.

Buy Now
Questions 16

According to a static analysis report for a web application, a dynamic code evaluation script injection vulnerability was found. Which of the following actions is the BEST option to fix the vulnerability in the source code?

Options:

A.

Delete the vulnerable section of the code immediately.

B.

Create a custom rule on the web application firewall.

C.

Validate user input before execution and interpretation.

D.

Use parameterized queries.

Buy Now
Questions 17

A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

Options:

A.

detection and prevention capabilities to improve.

B.

which systems were exploited more frequently.

C.

possible evidence that is missing during forensic analysis.

D.

which analysts require more training.

E.

the time spent by analysts on each of the incidents.

Buy Now
Questions 18

An organization wants to implement a privileged access management solution to belter manage the use of emergency and privileged service accounts Which of the following would BEST satisfy the organization's goal?

Options:

A.

Access control lists

B.

Discretionary access controls

C.

Policy-based access controls

D.

Credential vaulting

Buy Now
Questions 19

A security analyst is attempting to resolve an incident in which highly confidential company pricing information was sent to clients. It appears this information was unintentionally sent by an employee who attached it to public marketing material. Which of the following configuration changes would work BEST to limit the risk of this incident being repeated?

Options:

A.

Add client addresses to the blocklist.

B.

Update the DLP rules and metadata.

C.

Sanitize the marketing material.

D.

Update the insider threat procedures.

Buy Now
Questions 20

A Chief Information Security Officer has requested a security measure be put in place to redirect certain traffic on the network. Which of the following would best resolve this issue?

Options:

A.

Sinkholing

B.

Blocklisting

C.

Geoblocking

D.

Sandboxing

Buy Now
Questions 21

During a risk assessment, a senior manager inquires about what the cost would be if a unique occurrence would impact the availability of a critical service. The service generates $1 ,000 in revenue for the organization. The impact of the attack would affect 20% of the server's capacity to perform jobs. The organization expects that five out of twenty attacks would succeed during the year. Which of the following is the calculated single loss expectancy?

Options:

A.

$200

B.

$800

C.

$5,000

D.

$20,000

Buy Now
Questions 22

A development team recently released a new version of a public-facing website for testing prior to production. The development team is soliciting the help of various teams to validate the functionality of the website due to its high visibility. Which of the following activities best describes the process the development team is initiating?

Options:

A.

Static analysis

B.

Stress testing

C.

Code review

D.

User acceptance testing

Buy Now
Questions 23

A security analyst needs to recommend a solution that will allow users at a company to access cloud-based SaaS services but also prevent them from uploading and exflltrating data. Which of the following solutions should the security analyst recommend?

Options:

A.

CASB

B.

MFA

C.

VPN

D.

VPS

E.

DLP

Buy Now
Questions 24

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

Options:

A.

Security regression testing

B.

Code review

C.

User acceptance testing

D.

Stress testing

Buy Now
Questions 25

Which of the following is a reason for correctly identifying APTs that might be targeting an organization?

Options:

A.

APTs' passion for social justice will make them ongoing and motivated attackers.

B.

APTs utilize methods and technologies differently than other threats

C.

APTs are primarily focused on financial gam and are widely available over the internet.

D.

APTs lack sophisticated methods, but their dedication makes them persistent.

Buy Now
Questions 26

An organization has a policy that requires dedicated user accounts to run programs that need elevated privileges. Users must be part of a group that allows elevated permissions. While reviewing security logs, an analyst sees the following:

Which of the following hosts violates the organizational policies?

Options:

A.

pacer

B.

ford

C.

gremlin

D.

lincoln

Buy Now
Questions 27

Given the Nmap request below:

Which of the following actions will an attacker be able to initiate directly against this host?

Options:

A.

Password sniffing

B.

ARP spoofing

C.

A brute-force attack

D.

An SQL injection

Buy Now
Questions 28

An application developer needs help establishing a digital certificate for a new application. Which of the following illustrates a certificate management best practice?

Options:

A.

Ensure the certificate Is applied to the certificate revocation list.

B.

Ensure the certificate key algorithm is SHA-1 compliant.

C.

Ensure the certificate is requested from a trusted CA.

D.

Ensure the developer has self-signed the certificate.

E.

Ensure the certificate key is less than 1028 bits long.

Buy Now
Questions 29

A security analyst needs to provide the development team with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to servers in all three tiers in order to perform various configuration tasks. Which of the following technologies should the analyst implement to provide secure transport?

Options:

A.

CASB

B.

VPC

C.

Federation

D.

VPN

Buy Now
Questions 30

An organization has the following policies:

*Services must run on standard ports.

*Unneeded services must be disabled.

The organization has the following servers:

*192.168.10.1 - web server

*192.168.10.2 - database server

A security analyst runs a scan on the servers and sees the following output:

Which of the following actions should the analyst take?

Options:

A.

Disable HTTPS on 192.168.10.1.

B.

Disable IIS on 192.168.10.1.

C.

Disable DNS on 192.168.10.2.

D.

Disable MSSQL on 192.168.10.2.

E.

Disable SSH on both servers.

Buy Now
Questions 31

An organization is adopting loT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far. leaving hardware-related weaknesses open to compromise. Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?

Options:

A.

Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.

B.

Apply all firmware updates as soon as they are released to mitigate the risk of compromise.

C.

Determine an annual patch cadence to ensure all patching occurs at the same time.

D.

Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.

Buy Now
Questions 32

An organization has the following policy statements:

• AlI emails entering or leaving the organization will be subject to inspection for malware, policy violations, and unauthorized coolant.

•AM network activity will be logged and monitored.

• Confidential data will be tagged and tracked

• Confidential data must never be transmitted in an unencrypted form.

• Confidential data must never be stored on an unencrypted mobile device.

Which of the following is the organization enforcing?

Options:

A.

Acceptable use policy

B.

Data privacy policy

C.

Encryption policy

D.

Data management, policy

Buy Now
Questions 33

A cybersecurity analyst inspects DNS logs on a regular basis to identify possible IOCs that are not triggered by known signatures. The analyst reviews the following log snippet:

Which of the following should the analyst do next based on the information reviewed?

Options:

A.

The analyst should disable DNS recursion.

B.

The analyst should block requests to no—thanks. invalid.

C.

The analyst should disconnect host 192.168.1.67.

D.

The analyst should sinkhole 102.100.20.20.

E.

The analyst should disallow queries to the 8.8.8.8 resolver.

Buy Now
Questions 34

An employee contacts the SOC to report a high-severity bug that was identified in a new, internally developed web application, which went live in production last week. The SOC staff did not receive contact details or escalation procedures to follow. Which of the following stages of the SDLC

process was overlooked?

Options:

A.

Input validation

B.

Planning

C.

Implementation and integration

D.

Operations and maintenance

Buy Now
Questions 35

To prioritize the morning's work, an analyst is reviewing security alerts that have not yet been investigated. Which of the following assets should be investigated FIRST?

Options:

A.

The workstation of a developer who is installing software on a web server

B.

A new test web server that is in the process of initial installation

C.

An accounting supervisor's laptop that is connected to the VPN

D.

The laptop of the vice president that is on the corporate LAN

Buy Now
Questions 36

An intrusion detection analyst reported an inbound connection originating from an unknown IP address recorded on the VPN server for multiple internal hosts. During an investigation, a security analyst determines there were no identifiers associated with the hosts. Which of the following should the security analyst enforce to obtain the best information?

Options:

A.

Update the organization's IP table.

B.

Enable user access logging.

C.

Shut down all VPN connections.

D.

Create rules for the Active Directory.

Buy Now
Questions 37

Which of the following BEST describes HSM?

Options:

A.

A computing device that manages cryptography, decrypts traffic, and maintains library calls

B.

A computing device that manages digital keys, performs encryption/decryption functions, and maintains other cryptographic functions

C.

A computing device that manages physical keys, encrypts devices, and creates strong cryptographic functions

D.

A computing device that manages algorithms, performs entropy functions, and maintains digital signatures

Buy Now
Questions 38

Which of the following is a reason to use a nsk-based cybersecunty framework?

Options:

A.

A risk-based approach always requires quantifying each cyber nsk faced by an organization

B.

A risk-based approach better allocates an organization's resources against cyberthreats and vulnerabilities

C.

A risk-based approach is driven by regulatory compliance and es required for most organizations

D.

A risk-based approach prioritizes vulnerability remediation by threat hunting and other qualitative-based processes

Buy Now
Questions 39

A small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control?

Options:

A.

Deterrent

B.

Preventive

C.

Compensating

D.

Detective

Buy Now
Questions 40

A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report:

Which of the following BEST describes what the analyst Just found?

Options:

A.

Users 4 and 5 are using their credentials to transfer files to multiple servers.

B.

Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers In the cloud.

C.

An unauthorized user is using login credentials in a script.

D.

A bot is running a brute-force attack in an attempt to log in to the domain.

Buy Now
Questions 41

A security analyst is investigating a data leak on a corporate website. The attacker was able to dump data by sending a crafted HTTP request with the following payload:

Which of the following systems would most likely have logs with details regarding the threat actor's requests?

Options:

A.

Cloud WAF

B.

Internal proxy

C.

TAXII server

D.

Hardware security module

Buy Now
Questions 42

An analyst is reviewing the following output as part of an incident:

Which of the Wowing is MOST likely happening?

Options:

A.

The hosts are part of a reflective denial -of -service attack.

B.

Information is leaking from the memory of host 10.20 30.40

C.

Sensitive data is being exfilltrated by host 192.168.1.10.

D.

Host 291.168.1.10 is performing firewall port knocking.

Buy Now
Questions 43

An analyst is working on a method to allow secure access to a highly sensi-tive server. The solution must allow named individuals remote access to data contained on the box and must limit access to a single IP address. Which of the following solutions would best meet these requirements?

Options:

A.

Jump box

B.

Software-defined networking

C.

VLAN

D.

ACL

Buy Now
Questions 44

A technician working at company.com received the following email:

After looking at the above communication, which of the following should the technician recommend to the security team to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets?

Options:

A.

Forwarding of corporate email should be disallowed by the company.

B.

A VPN should be used to allow technicians to troubleshoot computer issues securely.

C.

An email banner should be implemented to identify emails coming from external sources.

D.

A rule should be placed on the DLP to flag employee IDs and serial numbers.

Buy Now
Questions 45

A cyber-security analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks. Which of the following BEST describes a solution that would apply and cause fewer issues during the deployment phase?

Options:

A.

Implement port security with one MAC address per network port of the switch.

B.

Deploy network address protection with DHCP and dynamic VLANs.

C.

Configure 802.1X and EAPOL across the network

D.

Implement software-defined networking and security groups for isolation

Buy Now
Questions 46

A company's security team recently discovered a number of workstations that are at the end of life. The workstation vendor informs the team that the product is no longer supported and patches are no longer available The company is not prepared to cease its use of these workstations Which of the following would be the BEST method to protect these workstations from threats?

Options:

A.

Deploy whitelisting to the identified workstations to limit the attack surface

B.

Determine the system process centrality and document it

C.

Isolate the workstations and air gap them when it is feasible

D.

Increase security monitoring on the workstations

Buy Now
Questions 47

A security analyst reviews SIEM logs and discovers the following error event:

Which of the following environments does the analyst need to examine to continue troubleshooting the event?

Options:

A.

Proxy server

B.

SQL server

C.

Windows domain controller

D.

WAF appliance

E.

DNS server

Buy Now
Questions 48

A security analyst discovers the company's website is vulnerable to cross-site scripting. Which of the following solutions will best remedy the vulnerability?

Options:

A.

Prepared statements

B.

Server-side input validation

C.

Client-side input encoding

D.

Disabled JavaScript filtering

Buy Now
Questions 49

A vulnerability assessment solution is hosted in the cloud This solution will be used as an accurate inventory data source for both the configuration management database and the governance nsk and compliance tool An analyst has been asked to automate the data acquisition Which of the following would be the BEST way to acqutre the data'

Options:

A.

CSV export

B.

SOAR

C.

API

D.

Machine learning

Buy Now
Questions 50

Which of the following should a database administrator for an analytics firm implement to best protect PII from an insider threat?

Options:

A.

Data deidentification

B.

Data encryption

C.

Data auditing

D.

Data minimization

Buy Now
Questions 51

During an audit several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products Which of the following would be the BEST way to locate this issue?

Options:

A.

Reduce the session timeout threshold

B.

Deploy MFA for access to the web server

C.

Implement input validation

D.

Run a static code scan

Buy Now
Questions 52

Which of the following is MOST dangerous to the client environment during a vulnerability assessment penetration test?

Options:

A.

There is a longer period of time to assess the environment.

B.

The testing is outside the contractual scope

C.

There is a shorter period of time to assess the environment

D.

No status reports are included with the assessment.

Buy Now
Questions 53

Which of the following is the best reason why organizations need operational security controls?

Options:

A.

To supplement areas that other controls cannot address

B.

To limit physical access to areas that contain sensitive data

C.

To assess compliance automatically against a secure baseline

D.

To prevent disclosure by potential insider threats

Buy Now
Questions 54

A company notices unknown devices connecting to the internal network and would like to implement a solution to block all non-corporate managed machines. Which of the following solutions would be best to accomplish this goal?

Options:

A.

WPA2 for W1F1 networks

B.

NAC with 802.1X implementation

C.

Extensible Authentication Protocol

D.

RADIUS with challenge/response

Buy Now
Questions 55

Which of the following is the most effective approach to minimize the occurrence of vulnerabilities introduced by unintentional misconfigurations in the cloud?

Options:

A.

Requiring security training certification before granting access to staff

B.

Migrating all resources to a private cloud deployment

C.

Restricting changes to the deployment of validated laC templates

D.

Reducing laaS deployments by fostering serverless architectures

Buy Now
Questions 56

An application has been updated to fix a vulnerability. Which of the following would ensure that previously patched vulnerabilities have not been reintroduced?

Options:

A.

Stress testing

B.

Regression testing

C.

Code review

D.

Peer review

Buy Now
Questions 57

An incident response team is responding to a breach of multiple systems that contain Pll and PHI Disclosure of the incident to external entities should be based on:

Options:

A.

the responder's discretion.

B.

the public relations policy.

C.

the communication plan.

D.

the senior management team's guidance.

Buy Now
Questions 58

Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

Options:

A.

Logging and monitoring are not needed in a public cloud environment

B.

Logging and monitoring are done by the data owners

C.

Logging and monitoring duties are specified in the SLA and contract

D.

Logging and monitoring are done by the service provider

Buy Now
Questions 59

Which of the following are the MOST likely reasons lo include reporting processes when updating an incident response plan after a breach? (Select TWO).

Options:

A.

To establish a clear chain of command

B.

To meet regulatory requirements for timely reporting

C.

To limit reputation damage caused by the breach

D.

To remediate vulnerabilities that led to the breach

E.

To isolate potential insider threats

F.

To provide secure network design changes

Buy Now
Questions 60

An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:

Which of the following ports should be closed?

Options:

A.

22

B.

80

C.

443

D.

1433

Buy Now
Questions 61

A security analyst is reviewing a new Internet portal that will be used for corporate employees to obtain their pay statements. Corporate policy classifies pay statement information as confidential, and it must be protected by MFA. Which of the following would best fulfill the MFA requirement while keeping the portal accessible from the internet?

Options:

A.

Obtaining home public IP addresses of corporate employees to implement source IP restrictions and requiring a username and password

B.

Requiring the internet portal to be accessible from only the corporate SSO internet endpoint and requiring a smart card and PIN

C.

Moving the internet portal server to a DMZ that is only accessible from the corporate VPN and requiring a username and password

D.

Distributing a shared password that must be provided before the internet portal loads and requiring a username and password

Buy Now
Questions 62

A security analyst is investigating an active threat of the system memory. While narrowing down the source of the threat, the analyst is inspecting all processes to isolate suspicious activity Which of the following techniques is the analyst using?

Options:

A.

Live forensics

B.

Logical acquisition

C.

Timeline analysis

D.

Static acquisition

Buy Now
Questions 63

A security analyst works for a biotechnology lab that is planning to release details about a new cancer treatment. The analyst has been instructed to tune the SIEM softvare and IPS in preparation for the

announcement. For which of the following concerns will the analyst most likely be monitoring?

Options:

A.

Intellectual property loss

B.

PII loss

C.

Financial information loss

D.

PHI loss

Buy Now
Questions 64

A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the most appropriate product category for this purpose?

Options:

A.

SCAP

B.

SOAR

C.

UEBA

D.

WAF

Buy Now
Questions 65

Which of the following is a vulnerability associated with the Modbus protocol?

Options:

A.

Weak encryption

B.

Denial of service

C.

Unchecked user input

D.

Lack of authentication

Buy Now
Questions 66

A security analyst is deploying a new application in the environment. The application needs to be integrated with several existing applications that contain SPI Pnor to the deployment, the analyst should conduct:

Options:

A.

a tabletop exercise

B.

a business impact analysis

C.

a PCI assessment

D.

an application stress test.

Buy Now
Questions 67

Ensuring that all areas of security have the proper controls is a primary reason why organizations use:

Options:

A.

frameworks.

B.

directors and officers.

C.

incident response plans.

D.

engineering rigor.

Buy Now
Questions 68

A cybersecunty analyst needs to harden a server that is currently being used as a web server The server needs to be accessible when entenng www company com into the browser Additionally web pages require frequent updates which are performed by a remote contractor Given the following output:

Which of the following should the cybersecunty analyst recommend to harden the server? (Select TWO).

Options:

A.

Uninstall the DNS service

B.

Perform a vulnerability scan

C.

Change the server's IP to a private IP address

D.

Disable the Telnet service

E.

Block port 80 with the host-based firewall

F.

Change the SSH port to a non-standard port

Buy Now
Questions 69

A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised. Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?

Options:

A.

Deploy an edge firewall.

B.

Implement DLP

C.

Deploy EDR.

D.

Encrypt the hard drives

Buy Now
Questions 70

An organization supports a large number of remote users. Which of the following is the best option to protect the data on the remote users' laptops?

Options:

A.

Require the use of VPNs.

B.

Require employees to sign an NDA.

C.

Implement a DLP solution.

D.

Use whole disk encryption.

Buy Now
Questions 71

An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions. the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:

• Successful administrator login reporting priority - high

• Failed administrator login reporting priority - medium

• Failed temporary elevated permissions - low

• Successful temporary elevated permissions - non-reportable

A security analyst is reviewing server syslogs and sees the following:

Which of the following events is the HIGHEST reporting priority?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 72

An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts A security analyst has created a script to snapshot the system configuration each day. Following iss one of the scripts:

This script has been running successfully every day. Which of the following commands would provide the analyst with additional useful information relevant to the above script?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 73

Which of the following SCAP standards provides standardization tor measuring and describing the seventy of security-related software flaws?

Options:

A.

OVAL

B.

CVSS

C.

CVE

D.

CCE

Buy Now
Questions 74

As part of the senior leadership team's ongoing nsk management activities the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data Which of the following would be appropnate for the security analyst to coordinate?

Options:

A.

A black-box penetration testing engagement

B.

A tabletop exercise

C.

Threat modeling

D.

A business impact analysis

Buy Now
Questions 75

An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the first steps to confirm and respond to the incident? (Select two).

Options:

A.

Pause the virtual machine.

B.

Shut down the virtual machine.

C.

Take a snapshot of the virtual machine.

D.

Remove the NIC from the virtual machine.

E.

Review host hypervisor log of the virtual machine.

F.

Execute a migration of the virtual machine.

Buy Now
Questions 76

A security analyst at exampte.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:

Winch of the following actions should the security analyst lake NEXT?

Options:

A.

Review the known Apache vulnerabilities to determine if a compromise actually occurred

B.

Contact the application owner for connect example local tor additional information

C.

Mark the alert as a false positive scan coming from an approved source.

D.

Raise a request to the firewall team to block 203.0.113.15.

Buy Now
Questions 77

An analyst received an alert regarding an application spawning a suspicious command shell process Upon further investigation, the analyst observes the following registry change occurring immediately after the suspicious event:

Which of the following was the suspicious event able to accomplish?

Options:

A.

Impair defenses.

B.

Establish persistence.

C.

Bypass file access controls.

D.

Implement beaconing.

Buy Now
Questions 78

An analyst is responding 10 an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the held. Maiware was loaded on the device via the installation of a third-party software package The analyst has baselined the device Which of the following should the analyst do to BEST mitigate future attacks?

Options:

A.

Implement MDM

B.

Update the maiware catalog

C.

Patch the mobile device's OS

D.

Block third-party applications

Buy Now
Questions 79

Which of the following is the BEST option to protect a web application against CSRF attacks?

Options:

A.

Update the web application to the latest version.

B.

Set a server-side rate limit for CSRF token generation.

C.

Avoid the transmission of CSRF tokens using cookies.

D.

Configure the web application to only use HTTPS and TLS 1.3.

Buy Now
Questions 80

A forensic analyst is conducting an investigation on a compromised server Which of the following should the analyst do first to preserve evidence''

Options:

A.

Restore damaged data from the backup media

B.

Create a system timeline

C.

Monitor user access to compromised systems

D.

Back up all log files and audit trails

Buy Now
Questions 81

A security analyst is reviewing the network security monitoring logs listed below:

Which of the following is the analyst most likely observing? (Select two).

Options:

A.

10.1.1.128 sent potential malicious traffic to the web server.

B.

10.1.1.128 sent malicious requests, and the alert is a false positive

C.

10.1.1.129 successfully exploited a vulnerability on the web server

D.

10.1.1.129 sent potential malicious requests to the web server

E.

10.1.1.129 can determine mat port 443 is being used

F.

10.1.1.130 can potentially obtain information about the PHP version

Buy Now
Questions 82

Which of the following data exfiltration discoveries would most likely require communicating a breach to regulatory agencies?

Options:

A.

CRM data

B.

PHI files

C.

SIEM logs

D.

UEBA metrics

Buy Now
Questions 83

A new government regulation requires that organizations only retain the minimum amount of data on a person to perform the organization's necessary activities. Which of the following techniques would help an organization comply with this new regulation?

Options:

A.

Storing the highest-risk data in a separate and secured environment

B.

Limiting access to data on a need-to-know basis

C.

Deidentlfying a data subject throughout the organization's applications

D.

Having a privacy expert peer review source code before deployment

Buy Now
Questions 84

After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

Options:

A.

Header analysis

B.

File carving

C.

Metadata analysis

D.

Data recovery

Buy Now
Questions 85

A manufacturing company uses a third-party service provider lor Tier 1 security support One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

Options:

A.

Implement a secure supply chain program with governance

B.

Implement blacklisting for IP addresses from outside the country

C.

Implement strong authentication controls for all contractors

D.

Implement user behavior analytics for key staff members

Buy Now
Questions 86

An organization discovers motherboards within the environment that appear to have been physically altered during the manufacturing process. Which of the following is the BEST course of action to mitigate the risk of this reoccurring?

Options:

A.

Perform an assessment of the firmware to determine any malicious modifications.

B.

Conduct a trade study to determine if the additional risk constitutes further action.

C.

Coordinate a supply chain assessment to ensure hardware authenticity.

D.

Work with IT to replace the devices with the known-altered motherboards.

Buy Now
Questions 87

During routine monitoring a security analyst identified the following enterpnse network traffic:

Packet capture output:

Which of the following BEST describes what the security analyst observed?

Options:

A.

66.187.224.210 set up a DNS hijack with 192.168.12.21.

B.

192.168.12.21 made a TCP connection to 66 187 224 210

C.

192.168.12.21 made a TCP connection to 209 132 177 50

D.

209.132.177.50 set up a TCP reset attack to 192 168 12 21

Buy Now
Questions 88

The following output is from a tcpdump al the edge of the corporate network:

Which of the following best describes the potential security concern?

Options:

A.

Payload lengths may be used to overflow buffers enabling code execution.

B.

Encapsulated traffic may evade security monitoring and defenses

C.

This traffic exhibits a reconnaissance technique to create network footprints.

D.

The content of the traffic payload may permit VLAN hopping.

Buy Now
Questions 89

A security analyst is designing firewall rules to prevent external IP spoofing Which of the following explains the firewall rule for mitigation?

Options:

A.

Packets with external source IP addresses do not enter the network from either direction.

B.

Packets with internal source IP addresses do not enter the network from the outside.

C.

Packets with internal source IP addresses do not exit the network from the inside.

D.

Packets with public IP addresses do not pass through the router in either direction.

Buy Now
Questions 90

A security analyst is reviewing the following server statistics:

Which of the following is MOST likely occurring?

Options:

A.

Race condition

B.

Privilege escalation

C.

Resource exhaustion

D.

VM escape

Buy Now
Questions 91

An organization is concerned about the proper handling of data and wants to implement measures to help safeguard customer data and the organization's proprietary information from exposure. Which of the following is the first step to improve awareness of overall privacy and protection?

Options:

A.

Perform user acceptance testing.

B.

Implement corporate policies.

C.

Conduct biannual training.

D.

Review data classification processes.

Buy Now
Questions 92

While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:

The analyst accesses the server console, and the following console messages are displayed:

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

Which of the following is the BEST step for the analyst to lake next in this situation?

Options:

A.

Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server

B.

After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.

C.

Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.

D.

Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.

Buy Now
Questions 93

A security analyst wants to capture large amounts of network data that will be analyzed at a later time. The packet capture does not need to be in a format that is readable by humans, since it will be put into a binary file called "packetCapture." The capture must be as efficient as possible, and the analyst wants to minimize the likelihood that packets will be missed. Which of the following commands will best accomplish the analyst's objectives?

Options:

A.

tcpdump -w packetCapture

B.

tcpdump -a packetCapture

C.

tcpdump -n packetCapture

D.

nmap -v > packetCapture

E.

nmap -oA > packetCapture

Buy Now
Questions 94

A security analyst is reviewing the following server statistics:

Which of the following Is MOST likely occurring?

Options:

A.

Race condition

B.

Privilege escalation

C.

Resource exhaustion

D.

VM escape

Buy Now
Questions 95

A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two).

Options:

A.

Memory cache

B.

Registry file

C.

SSD storage

D.

Temporary filesystems

E.

Packet decoding

F.

Swap volume

Buy Now
Questions 96

A security analyst performs a weekly vulnerability scan on a network that has 240 devices and receives a report with 2.450 pages. Which of the following would most likely decrease the number of false positives?

Options:

A.

Manual validation

B.

Penetration testing

C.

A known-environment assessment

D.

Credentialed scanning

Buy Now
Questions 97

A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also see that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

Options:

A.

IDS signatures

B.

Data loss prevention

C.

Port security

D.

Sinkholing

Buy Now
Questions 98

Members of the sales team are using email to send sensitive client lists with contact information to their personal accounts The company's AUP and code of conduct prohibits this practice. Which of the following configuration changes would improve security and help prevent this from occurring?

Options:

A.

Configure the DLP transport rules to provide deep content analysis.

B.

Put employees' personal email accounts on the mail server on a blocklist.

C.

Set up IPS to scan for outbound emails containing names and contact information.

D.

Use Group Policy to prevent users from copying and pasting information into emails.

E.

Move outbound emails containing names and contact information to a sandbox for further examination.

Buy Now
Questions 99

The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:

Which of the following should the organization consider investing in first due to the potential impact of availability?

Options:

A.

Hire a managed service provider to help with vulnerability management.

B.

Build a warm site in case of system outages.

C.

Invest in a failover and redundant system, as necessary.

D.

Hire additional staff for the IT department to assist with vulnerability management and log review.

Buy Now
Questions 100

A company's threat team has been reviewing recent security incidents and looking for a common theme. The team discovered the incidents were caused by incorrect configurations on the impacted systems. The issues were reported to support teams, but no action was taken. Which of the following is the next step the company should take to ensure any future issues are remediated?

Options:

A.

Require support teams to develop a corrective control that ensures security failures are addressed once they are identified.

B.

Require support teams to develop a preventive control that ensures new systems are built with the required security configurations.

C.

Require support teams to develop a detective control that ensures they continuously assess systems for configuration errors.

D.

Require support teams to develop a managerial control that ensures systems have a documented configuration baseline.

Buy Now
Questions 101

A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?

Options:

A.

The extended support mitigates any risk associated with the software.

B.

The extended support contract changes this vulnerability finding to a false positive.

C.

The company is transferring the risk for the vulnerability to the software vendor.

D.

The company is accepting the inherent risk of the vulnerability.

Buy Now
Questions 102

During the threat modeling process for a new application that a company is launching, a security analyst needs to define methods and items to take into consideralion Wtiich of the following are part of a known threat modeling method?

Options:

A.

Threat profile, infrastructure and application vulnerabilities, security strategy and plans

B.

Purpose, objective, scope, (earn management, cost, roles and responsibilities

C.

Spoofing tampering, repudiation, information disclosure, denial of service elevation of privilege

D.

Human impact, adversary's motivation, adversary's resources, adversary's methods

Buy Now
Questions 103

A software developer is correcting the error-handling capabilities of an application following the initial coding of the fix. Which of the following would the software developer MOST likely performed to validate the code poor to pushing it to production?

Options:

A.

Web-application vulnerability scan

B.

Static analysis

C.

Packet inspection

D.

Penetration test

Buy Now
Questions 104

A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?

Options:

A.

Perform static code analysis.

B.

Require application fuzzing.

C.

Enforce input validation.

D.

Perform a code review.

Buy Now
Questions 105

A company wants to ensure a third party does not take intellectual property and build a competing product. Which of the following is a non-technical data and privacy control that would best protect the company?

Options:

A.

Data encryption

B.

A non-disclosure agreement

C.

Purpose limitation

D.

Digital rights management

Buy Now
Questions 106

A security learn implemented a SCM as part for its security-monitoring program there is a requirement to integrate a number of sources Into the SIEM to provide better context relative to the events being processed. Which of the following B€ST describes the result the security learn hopes to accomplish by adding these sources?

Options:

A.

Data enrichment

B.

Continuous integration

C.

Machine learning

D.

Workflow orchestration

Buy Now
Questions 107

A financial organization has offices located globally. Per the organization’s policies and procedures, all executives who conduct Business overseas must have their mobile devices checked for malicious software or evidence of tempering upon their return. The information security department oversees the process, and no executive has had a device compromised. The Chief information Security Officer wants to Implement an additional safeguard to protect the organization's data. Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?

Options:

A.

Implement a mobile device wiping solution for use if a device is lost or stolen.

B.

Install a DLP solution to track data now

C.

Install an encryption solution on all mobile devices.

D.

Train employees to report a lost or stolen laptop to the security department immediately

Buy Now
Questions 108

Which of the following BEST identifies the appropriate use of threat intelligence as a function of detection and response?

Options:

A.

To identify weaknesses in an organization's security posture

B.

To identify likely attack scenarios within an organization

C.

To build a business security plan for an organization

D.

To build a network segmentation strategy

Buy Now
Questions 109

A new prototype for a company's flagship product was leaked on the internet As a result, the management team has locked out all USB drives Optical drive writers are not present on company computers The sales team has been granted an exception to share sales presentation files with third parties Which of the following would allow the IT team to determine which devices are USB enabled?

Options:

A.

Asset tagging

B.

Device encryption

C.

Data loss prevention

D.

SIEMIogs

Buy Now
Questions 110

An organization implemented an extensive firewall access-control blocklist to prevent internal network ranges from communicating with a list of IP addresses of known command-and-control domains A security analyst wants to reduce the load on the firewall. Which of the following can the analyst implement to achieve similar protection and reduce the load on the firewall?

Options:

A.

A DLP system

B.

DNS sinkholing

C.

IP address allow list

D.

An inline IDS

Buy Now
Questions 111

A risk assessment concludes that the perimeter network has the highest potential for compromise by an attacker, and it is labeled as a critical risk environment. Which of the following is a valid compensating control to reduce the volume of valuable information in the perimeter network that an attacker could gain using active reconnaissance techniques?

Options:

A.

A control that demonstrates that all systems authenticate using the approved authentication method

B.

A control that demonstrates that access to a system is only allowed by using SSH

C.

A control that demonstrates that firewall rules are peer reviewed for accuracy and approved before deployment

D.

A control that demonstrates that the network security policy is reviewed and updated yearly

Buy Now
Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Dec 26, 2024
Questions: 372
CS0-002 pdf

CS0-002 PDF

$25.5  $84.99
CS0-002 Engine

CS0-002 Testing Engine

$30  $99.99
CS0-002 PDF + Engine

CS0-002 PDF + Testing Engine

$40.5  $134.99