Latest CompTIA CySA+ Study Guide CS0-002 Exam Questions

Regina2021-11-20T01:47:51+00:00

It is a good chance to prepare for CompTIA Cybersecurity Analyst (CySA+) Certification Exam well with the latest CompTIA CySA+ study guide. Real CS0-002 exam questions with the precise answers provided by ITExamShop should be the greatest study guide to ensure that you master all the exam questions and pass real CompTIA CySA+ exam successfully. With ITExamShop CS0-002 exam questions, you can start at learning actual Q&As, once fail, we will refund the full money. Additionally, you can check CompTIA CySA+ CS0-002 free exam questions as demo to check the latest study guide.

Below Are The CS0-002 Free Questions, You Can Test By Yourself

Page 1 of 4

1. A security analyst needs to obtain the footprint of the network.

The footprint must identify the following information;

• TCP and UDP services running on a targeted system

• Types of operating systems and versions

• Specific applications and versions

Which of the following tools should the analyst use to obtain the data?

ZAP

Nmap

Prowler

Reaver

2. A security analyst is investigating an incident that appears to have started with SOL injection against a publicly available web application.

Which of the following is the FIRST step the analyst should take to prevent future attacks?

Modify the IDS rules to have a signature for SQL injection.

Take the server offline to prevent continued SQL injection attacks.

Create a WAF rule In block mode for SQL injection

Ask the developers to implement parameterized SQL queries.

3. A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation.

Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?

Reverse engineering

Dynamic analysis

Strings extraction

Static analysis

4. A company just chose a global software company based in Europe to implement a new supply chain management solution.

Which of the following would be the MAIN concern of the company?

Violating national security policy

Packet injection

Loss of intellectual property

International labor laws

5. A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week.

Which of the following will enable the analyst to obtain the BEST results?

grep -a <suspicious ip> internet.pcap

tcpdump-n-rinternet.pcaphost<suspicious ip>

strings internet.pcap | grep <suspicious ip>

npcapd internet.pcap | grep <suspicious ip>

6. The help desk noticed a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones.

The analyst runs the following command on the new server.

Given the output, which of the following should the security analyst check NEXT?

The DNS name of the new email server

The version of SPF that is being used

The IP address of the new email server

The DMARC policy

7. The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded

and has revealed a worm is spreading

Which of the following should be the NEXT step in this incident response?

Enable an ACL on all VLANs to contain each segment

Compile a list of loCs so the IPS can be updated to halt the spread.

Send a sample of the malware to the antivirus vendor and request urgent signature creation.

Begin deploying the new anti-malware on all uninfected systems.

8. The inability to do remote updates of certificates. keys software and firmware is a security issue commonly associated with:

web servers on private networks.

HVAC control systems

smartphones

firewalls and UTM devices

9. CORRECT TEXT

You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.

The company's hardening guidelines indicate the following:

• TLS 1.2 is the only version of TLS running.

• Apache 2.4.18 or greater should be used.

• Only default ports should be used.

INSTRUCTIONS

Using the supplied data, record the status of compliance with the company's guidelines for each server.

The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

10. An analyst is reviewing the following code output of a vulnerability scan:

if (search name ! = null )

{

%>

employee <%search names%> not found

}

Which of the following types of vulnerabilities does this MOST likely represent?

A insecure direct object reference vulnerability

An HTTP response split vulnerability

A credential bypass vulnerability

A XSS vulnerability

Page 2 of 4

11. A security analyst inspects the header of an email that is presumed to be malicious and sees the following:

Which of the following is inconsistent with the rest of the header and should be treated as suspicious?

The subject line

The sender's email address

The destination email server

The use of a TLS cipher

12. A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk- based policy decision to review and enforce the vendor upgrade before the end of life is reached.

Which of the following risk actions has the security committee taken?

Risk exception

Risk avoidance

Risk tolerance

Risk acceptance

13. An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server.

The analyst reviews the application log below.

Which of the following conclusions is supported by the application log?

An attacker was attempting to perform a buffer overflow attack to execute a payload in memory.

An attacker was attempting to perform an XSS attack via a vulnerable third-party library.

An attacker was attempting to download files via a remote command execution vulnerability

An attacker was attempting to perform a DoS attack against the server.

14. A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS.

Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise'?

Run an anti-malware scan on the system to detect and eradicate the current threat

Start a network capture on the system to look into the DNS requests to validate command and control traffic.

Shut down the system to prevent further degradation of the company network

Reimage the machine to remove the threat completely and get back to a normal running state.

Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.

15. A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

PC1

PC2

Server1

Server2

Firewall

16. A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine. The up-to-date antivirus cannot detect the malicious executable.

Which of the following is the MOST likely cause of this issue?

The malware is being executed with administrative privileges.

The antivirus does not have the mltware's signature.

The malware detects and prevents its own execution in a virtual environment.

The malware is fileless and exists only in physical memory.

17. A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.

Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

Tool A is agent based.

Tool A used fuzzing logic to test vulnerabilities.

Tool A is unauthenticated.

Tool B utilized machine learning technology.

Tool B is agent based.

Tool B is unauthenticated.

18. The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:

web servers on private networks

HVAC control systems

smartphones

firewalls and UTM devices

19. After a breach involving the exfiltration of a large amount of sensitive data a security analyst is reviewing the following firewall logs to determine how the breach occurred:

Which of the following IP addresses does the analyst need to investigate further?

192.168.1.1

192.168.1.10

192.168.1.12

192.168.1.193

20. An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.

Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?

FaaS

RTOS

SoC

GPS

CAN bus

Page 3 of 4

21. A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

The To address is invalid.

The email originated from the www.spamfilter.org UR

The IP address and the remote server name are the same.

The IP address was blacklisted.

The From address is invalid.

22. A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment.

Which of the following is the BEST solution?

Virtualize the system and decommission the physical machine.

Remove it from the network and require air gapping.

Only allow access to the system via a jumpbox

Implement MFA on the specific system.

23. An information security analyst on a threat-hunting team Is working with administrators to create a hypothesis related to an internally developed web application.

The working hypothesis is as follows:

• Due to the nature of the industry, the application hosts sensitive data associated with many clients and Is a significant target

• The platform Is most likely vulnerable to poor patching and Inadequate server hardening, which expose vulnerable services.

• The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.

As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SOL injection attacks.

Which of the following BEST represents the technique in use?

Improving detection capabilities

Bundling critical assets

Profiling threat actors and activities

Reducing the attack surface area

24. A Chief Security Officer (CSO) is working on the communication requirements (or an organization's incident response plan.

In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?

Public relations must receive information promptly in order to notify the community.

Improper communications can create unnecessary complexity and delay response actions.

Organizational personnel must only interact with trusted members of the law enforcement community.

Senior leadership should act as the only voice for the incident response team when working with forensics teams.

25. A company’s Chief Information Security Officer (CISO) is concerned about the integrity of some highly confidential files. Any changes to these files must be tied back to a specific authorized user’s activity session.

Which of the following is the BEST technique to address the CISO’s concerns?

Configure DLP to reject all changes to the files without pre-authorization. Monitor the files for unauthorized changes.

Regularly use SHA-256 to hash the directory containing the sensitive information. Monitor the files for unauthorized changes.

Place a legal hold on the files. Require authorized users to abide by a strict time context access policy. Monitor the files for unauthorized changes.

Use Wireshark to scan all traffic to and from the directory. Monitor the files for unauthorized changes.

26. A hybrid control is one that:

is implemented differently on individual systems

is implemented at the enterprise and system levels

has operational and technical components

authenticates using passwords and hardware tokens

27. A security analyst is researching an incident and uncovers several details that may link to other incidents. The security analyst wants to determine if other incidents are related to the current incident.

Which of the following threat research methodoloqies would be MOST appropriate for the analyst to use?

Reputation data

CVSS score

Risk assessment

Behavioral analysis

28. An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours.

Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

Duplicate all services in another instance and load balance between the instances.

Establish a hot site with active replication to another region within the same cloud provider.

Set up a warm disaster recovery site with the same cloud provider in a different region

Configure the systems with a cold site at another cloud provider that can be used for failover.

29. A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Bing Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised.

Which of the following is the value of this risk?

$75.000

$300.000

$1.425 million

$1.5 million

30. An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization. The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message.

In addition to retraining the employee, which of the following would prevent this from happening in the future?

Implement outgoing filter rules to quarantine messages that contain card data

Configure the outgoing mail filter to allow attachments only to addresses on the whitelist

Remove all external recipients from the employee's address book

Set the outgoing mail filter to strip spreadsheet attachments from all messages.

Page 4 of 4

31. Which of the following is MOST closely related to the concept of privacy?

An individual's control over personal information

A policy implementing strong identity management processes

A system's ability to protect the confidentiality of sensitive information

The implementation of confidentiality, integrity, and availability

32. An organization developed a comprehensive modern response policy Executive management approved the policy and its associated procedures.

Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?

A simulated breach scenario evolving the incident response team

Completion of annual information security awareness training by ail employees

Tabtetop activities involving business continuity team members

Completion of lessons-learned documentation by the computer security incident response team

External and internal penetration testing by a third party

33. A security analyst is generating a list of recommendations for the company's insecure API.

Which of the following is the BEST parameter mitigation rec

Implement parameterized queries.

Use effective authentication and authorization methods.

Validate all incoming data.

Use TLs for all data exchanges.

34. A team of security analysis has been alerted to potential malware activity. The initial examination indicates one of the affected workstations on beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445.

Which of the following should be the team's NEXT step during the detection phase of this response process?

Escalate the incident to management, who will then engage the network infrastructure team to keep them informed

Depending on system critically remove each affected device from the network by disabling wired and wireless connections

Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses Identify potentially affected systems by creating a correlation

Identify potentially affected system by creating a correlation search in the SIEM based on the network traffic.

35. Which of the following technologies can be used to house the entropy keys for disk encryption on desktops and laptops?

Self-encrypting drive

Bus encryption

TPM

HSM

Welcome To Choose Required IT Certification Exams Online

Latest CompTIA CySA+ Study Guide CS0-002 Exam Questions

Below Are The CS0-002 Free Questions, You Can Test By Yourself

Author