Online Questions - Valid Practice To your CS0-002 Exam (Updated 530 Questions) [Q113-Q134]

5/5 - (1 vote)

Online Questions – Valid Practice To your CS0-002 Exam (Updated 530 Questions)

Practice To CS0-002 – Remarkable Practice On your CompTIA Cybersecurity Analyst (CySA+) Certification Exam Exam

CompTIA CySA+ CS0-002 Practice Test Questions, CompTIA CySA+ CS0-002 Exam Practice Test Questions

If you want to become a certified cybersecurity analyst who has the required hands-on skills and technical knowledge to perform all the needed cybersecurity tasks, your perfect choice will be to obtain the CompTIA CySA+ certification. It is increasingly important for an organization to follow the analytics-based approach that helps it function safely and securely, and a professional who has this sought-after certificate can change the situation for better. So, if you want to earn this certification, you should pass the CompTIA CS0-002 exam.

Software & Systems Security: 18%

Explaining hardware assurance best practices: this will measure the knowledge of eFuse, unified extensible firmware interface, trusted foundry, secure processing, self-encrypting drive, bus encryption, measured boot and attestation, and trusted firmware updates.
Explaining software assurance best practices: this topic requires the learners’ understanding of platforms, DevSecOps, secure coding best practices, software development life cycle integration, and dynamic analysis tools.
Applying security solutions to infrastructure management: the candidates will demonstrate their understanding of Cloud vs. on-premise, assess management, segmentation, network architecture, change management, virtualization, containerization, identity & access management, encryption, active defense, monitoring, and logging.

NEW QUESTION 113
A company uses a managed IDS system, and a security analyst has noticed a large volume of brute force password attacks originating from a single IP address. The analyst put in a ticket with the IDS provider, but no action was taken for 24 hours, and the attacks continued. Which of the following would be the BEST approach for the scenario described?

Draft a new MOU to include response incentive fees.

Reengineer the BPA to meet the organization’s needs.

Modify the SLA to support organizational requirements.

Implement an MOA to improve vendor responsiveness.

NEW QUESTION 114
An analyst is reviewing the following output as part of an incident:

Which of the Wowing is MOST likely happening?

The hosts are part of a reflective denial -of -service attack.

Information is leaking from the memory of host 10.20 30.40

Sensitive data is being exfilltrated by host 192.168.1.10.

Host 291.168.1.10 is performing firewall port knocking.

NEW QUESTION 115
You are a cybersecurity analyst tasked with interpreting scan data from Company A’s servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company’s hardening guidelines indicate the following:
* TLS 1.2 is the only version of TLS running.
* Apache 2.4.18 or greater should be used.
* Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company’s guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

NEW QUESTION 116
A cybersecurity analyst is reviewing the current BYOD security posture.
The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device.
The recommendation must provide the most flexibility to users.
Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

Develop a minimum security baseline while restricting the type of data that can be accessed.

Implement a single computer configured with USB access and monitored by sensors.

Deploy a kiosk for synchronizing while using an access list of approved users.

Implement a wireless network configured for mobile device access and monitored by sensors.

NEW QUESTION 117
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:

The analyst runs the following command next:

Which of the following would explain the difference in results?

ICMP is being blocked by a firewall.

The routing tables for ping and hping3 were different.

The original ping command needed root permission to execute.

hping3 is returning a false positive.

NEW QUESTION 118
A cybersecurity analyst is currently using Nessus to scan several FTP servers. Upon receiving the results of the scan, the analyst needs to further test to verify that the vulnerability found exists.
The analyst uses the following snippet of code:

Which of the following vulnerabilities is the analyst checking for?

Buffer overflow

SQL injection

Default passwords

Format string attack

NEW QUESTION 119
An organization has been conducting penetration testing to identify possible network vulnerabilities. One of the security policies states that web servers and database servers must not be co-located on the same server unless one of them runs on a non-standard. The penetration tester has received the following outputs from the latest set of scans:

Which of the following servers is out of compliance?

finServer

adminServer

orgServer

opsServer

NEW QUESTION 120
Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?

Use a UEFI boot password

Implement a self-encrypted disk

Configure filesystem encryption

Enable Secure Boot using TPM

NEW QUESTION 121
A security analyst has performed various scans and found vulnerabilities in several applications that affect production data. Remediation of all exploits may cause certain applications to no longer work. Which of the following activities would need to be conducted BEFORE remediation?

Fuzzing

Input validation

Change control

Sandboxing

NEW QUESTION 122
Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user’s web application?

Configuring a firewall to block traffic on ports that use ActiveX controls

Adjusting the web-browser settings to block ActiveX controls

Installing network-based IPS to block malicious ActiveX code

Deploying HIPS to block malicious ActiveX code

NEW QUESTION 123
An organization needs to limit its exposure to accidental disclosure when employees send emails that contain personal information to recipients outside the company Which of the following technical controls would BEST accomplish this goal?

DLP

Encryption

Data masking

SPF

NEW QUESTION 124
A Chief Information Security Officer (CISO) wants to upgrade an organization’s security posture by improving proactive activities associated with attacks from internal and external threats.
Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?

Development of a hypothesis as part of threat hunting

Log correlation, monitoring, and automated reporting through a SIEM platform

Continuous compliance monitoring using SCAP dashboards

Quarterly vulnerability scanning using credentialed scans

NEW QUESTION 125
An analyst has received a notification about potential malicious activity against a web server. The analyst logs in to a central log collection server and runs the following command: “cat access.log.1 | grep “union”. The output shown below appears:
<68.71.54.117> – – [31/Jan/2020:10:02:31 -0400] “Get /cgi-bin/backend1.sh?id=%20union%20select%20192.168.60.50 HTTP/1.1” Which of the following attacks has occurred on the server?

Cross-site request forgery

SQL injection

Cross-site scripting

Directory traversal

NEW QUESTION 126
A vulnerability scan came back with critical findings for a Microsoft SharePoint server:

Which of the following actions should be taken?

Remove Microsoft Office from the server.

Document the finding as an exception.

Install a newer version of Microsoft Office on the server.

Patch Microsoft Office on the server.

NEW QUESTION 127
A security analyst for a large pharmaceutical company was given credentials from a threat intelligence resources organisation for Internal users, which contain usernames and valid passwords for company accounts. Which of the following is the FIRST action the analyst should take as part of security operations monitoring?

Run scheduled antivirus scans on all employees’ machines to look for malicious processes.

Reimage the machines of all users within the group in case of a malware infection.

Change all the user passwords to ensure the malicious actors cannot use them.

Search the event logs for event identifiers that indicate Mimikatz was used.

NEW QUESTION 128
A cybersecurity analyst is conducting packet analysis on the following:

Which of the following is occurring in the given packet capture?

ARP spoofing

Broadcast storm

Smurf attack

Network enumeration

Zero-day exploit

NEW QUESTION 129
A developer wrote a script to make names and other Pll data unidentifiable before loading a database export into the testing system Which of the following describes the type of control that is being used?

Data encoding

Data masking

Data loss prevention

Data classification

NEW QUESTION 130
A security analyst has a sample of malicious software and needs to know what the sample does? The analyst runs the sample in a carefully controlled and monitored virtual machine to observe the software behavior.
Which of the following malware analysis approaches is this?

White box testing

Fuzzing

Sandboxing

Static code analysis

NEW QUESTION 131
After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?

Make a backup of the server and update the JBoss server that is running on it.

Contact the vendor for the legacy application and request an updated version.

Create a proper DMZ for outdated components and segregate the JBoss server.

Apply visualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.

NEW QUESTION 132
In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis.
The last completed scan of the network returned 5,682 possible vulnerabilities.
The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues.
Which of the following is the BEST way to proceed?

Attempt to identify all false positives and exceptions, and then resolve all remaining items.

Hold off on additional scanning until the current list of vulnerabilities have been resolved.

Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.

Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.

NEW QUESTION 133
A cybersecurity analyst is investigating a potential incident affecting multiple systems on a company’s internal network. Although there is a negligible impact to performance, the following symptom present on each of the affected systems:
* Existence of a new and unexpected svchost exe process
* Persistent, outbound TCP/IP connections to an unknown external host with routine keep-alives transferred
* DNS query logs showing successful name resolution for an Internet-resident dynamic DNS domain
If this situation remains unresolved, which of the following will MOST likely occur?

The affected hosts may participate in a coordinated DDoS attack upon command

An adversary may leverage the affected hosts to reconfigure the company’s router ACLs.

Key files on the affected hosts may become encrypted and require ransom payment for unlock.

The adversary may attempt to perform a man-in-the-middle attack.

NEW QUESTION 134
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.
Suspecting the system may be compromised, the analyst runs the following commands:

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?