
CS0-002 PDF

$49.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

CS0-002 PDF + Testing Engine

$79.2

$175.99

3 Months Free Update

  • Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
  • Last Update: Aug 15, 2022
  • Questions and Answers: 432
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

CS0-002 Engine

$59.4

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

CS0-002 CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Question # 6

An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes, while minimizing the impact to the network. Which of the following schedules BEST addresses these requirements?

A.

Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans

B.

Monthly vulnerability scans, biweekly topology scans, daily host discovery scans

C.

Monthly host discovery scans; biweekly vulnerability scans, monthly topology scans

D.

Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans

Question # 7

A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured. Which of the following should the analyst do?

A.

Shut down the computer

B.

Capture live data using Wireshark

C.

Take a snapshot

D.

Determine if DNS logging is enabled.

E.

Review the network logs.

Question # 8

A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.

Which of the following should be used to identify the traffic?

A.

Carving

B.

Disk imaging

C.

Packet analysis

D.

Memory dump

E.

Hashing

Question # 9

A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

[Exhibit image not included]

Which of the following can the analyst conclude?

A.

Malware is attempting to beacon to 128.50.100.3.

B.

The system is running a DoS attack against ajgidwle.com.

C.

The system is scanning ajgidwle.com for PII.

D.

Data is being exfiltrated over DNS.

Question # 10

A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.

Which of the following solutions would meet this requirement?

A.

Establish a hosted SSO.

B.

Implement a CASB.

C.

Virtualize the server.

D.

Air gap the server.

Question # 11

An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

A.

Duplicate all services in another instance and load balance between the instances.

B.

Establish a hot site with active replication to another region within the same cloud provider.

C.

Set up a warm disaster recovery site with the same cloud provider in a different region.

D.

Configure the systems with a cold site at another cloud provider that can be used for failover.

Question # 12

An organization has several systems that require specific logons. Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets. Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?

A.

Use SSO across all applications

B.

Perform a manual privilege review

C.

Adjust the current monitoring and logging rules

D.

Implement multifactor authentication

Question # 13

A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operations?

A.

It enables the team to prioritize the focus area and tactics within the company’s environment.

B.

It provides criticality analyses for key enterprise servers and services.

C.

It allows analysts to receive updates on newly discovered software vulnerabilities.

D.

It supports rapid response and recovery during and following an incident.

Question # 14

An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for the service?

A.

Manually log in to the service and upload data files on a regular basis.

B.

Have the internal development team script connectivity and file translation to the new service.

C.

Create a dedicated SFTP site and schedule transfers to ensure file transport security.

D.

Utilize the cloud product's API for supported and ongoing integrations.

Question # 15

A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities.

Which of the following would be BEST to implement to alleviate the CISO's concern?

A.

DLP

B.

Encryption

C.

Test data

D.

NDA

Question # 16

An analyst has been asked to provide feedback regarding the control required by a revised regulatory framework. At this time, the analyst only needs to focus on the technical controls. Which of the following should the analyst provide an assessment of?

A.

Tokenization of sensitive data

B.

Establishment of data classifications

C.

Reporting on data retention and purging activities

D.

Formal identification of data ownership

E.

Execution of NDAs

Question # 17

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.

Which of the following is a security concern when using a PaaS solution?

A.

The use of infrastructure-as-code capabilities leads to an increased attack surface.

B.

Patching the underlying application server becomes the responsibility of the client.

C.

The application is unable to use encryption at the database level.

D.

Insecure application programming interfaces can lead to data compromise.

Question # 18

A cybersecurity analyst is contributing to a team hunt on an organization's endpoints.

Which of the following should the analyst do FIRST?

A.

Write detection logic.

B.

Establish a hypothesis.

C.

Profile the threat actors and activities.

D.

Perform a process analysis.

Question # 19

A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Big Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

A.

$75,000

B.

$300,000

C.

$1.425 million

D.

$1.5 million

Question # 20

A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:

[Exhibit image not included]

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

A.

Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.

B.

Examine the server logs for further indicators of compromise of a web application.

C.

Run kill -9 1325 to bring the load average down so the server is usable again.

D.

Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.

Question # 21

An organization recently discovered some inconsistencies in the motherboards it received from a vendor. The organization's security team then provided guidance on how to ensure the authenticity of the motherboards it received from vendors.

Which of the following would be the BEST recommendation for the security analyst to provide?

A.

The organization should evaluate current NDAs to ensure enforceability of legal actions.

B.

The organization should maintain the relationship with the vendor and enforce vulnerability scans.

C.

The organization should ensure all motherboards are equipped with a TPM.

D.

The organization should use a certified, trusted vendor as part of the supply chain.

Question # 22

A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

A.

The server is receiving a secure connection using the new TLS 1.3 standard

B.

Someone has configured an unauthorized SMTP application over SSL

C.

The traffic is common static data that Windows servers send to Microsoft

D.

A connection from the database to the web front end is communicating on the port

Question # 23

A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

[Exhibit image not included]

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

A.

PC1

B.

PC2

C.

Server1

D.

Server2

E.

Firewall

Question # 24

A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached.

Which of the following is the NEXT step the analyst should take to address the issue?

A.

Audit access permissions for all employees to ensure least privilege.

B.

Force a password reset for the impacted employees and revoke any tokens.

C.

Configure SSO to prevent passwords from going outside the local network.

D.

Set up privileged access management to ensure auditing is enabled.

Question # 25

The Chief Information Officer (CIO) of a large healthcare institution is concerned about all machines having direct access to sensitive patient information. Which of the following should the security analyst implement to BEST mitigate the risk of sensitive data exposure?

A.

A cloud access service broker system

B.

NAC to ensure minimum standards are met

C.

MFA on all workstations

D.

Network segmentation

Question # 26

A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment. Conditionally, other processes will need to be created based on input from prior processes.

Which of the following is the BEST method for accomplishing this task?

A.

Machine learning and process monitoring

B.

API integration and data enrichment

C.

Workflow orchestration and scripting

D.

Continuous integration and configuration management

Question # 27

Which of the following session management techniques will help to prevent a session identifier from being stolen via an XSS attack?

A.

Ensuring the session identifier length is sufficient

B.

Creating proper session identifier entropy

C.

Applying a secure attribute on session cookies

D.

Utilizing transport layer encryption on all requests

E.

Implementing session cookies with the HttpOnly flag

Question # 28

An organization wants to mitigate against risks associated with network reconnaissance. ICMP is already blocked at the firewall; however, a penetration testing team has been able to perform reconnaissance against the organization’s network and identify active hosts. An analyst sees the following output from a packet capture:

[Exhibit image not included]

Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?

A.

flags=RA indicates the testing team is using a Christmas tree attack

B.

ttl=64 indicates the testing team is setting the time to live below the firewall’s threshold

C.

0 data bytes indicates the testing team is crafting empty ICMP packets

D.

NO FLAGS are set indicates the testing team is using hping

Question # 29

A security analyst is reviewing the following DNS logs as part of security-monitoring activities:

[Exhibit image not included]

Which of the following MOST likely occurred?

A.

The attack used an algorithm to generate command and control information dynamically.

B.

The attack used encryption to obfuscate the payload and bypass detection by an IDS.

C.

The attack caused an internal host to connect to a command and control server.

D.

The attack attempted to contact www.gooqle.com to verify Internet connectivity.

Question # 30

As part of a review of incident response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?

A.

Organizational policies

B.

Vendor requirements and contracts

C.

Service-level agreements

D.

Legal requirements

Question # 31

A large insurance company wants to outsource its claim-handling operations to an overseas third-party organization. Which of the following would BEST help to reduce the chance of highly sensitive data leaking?

A.

Configure a VPN between the third-party organization and the internal company network.

B.

Set up a VDI that the third party must use to interact with company systems.

C.

Use MFA to protect confidential company information from being leaked.

D.

Implement NAC to ensure connecting systems have malware protection

E.

Create jump boxes that are used by the third-party organization so it does not connect directly.

Question # 32

A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the MOST appropriate product category for this purpose?

A.

SOAR

B.

WAF

C.

SCAP

D.

UEBA

Question # 33

A user reports the system is behaving oddly following the installation of an approved third-party software application. The application executable was sourced from an internal repository. Which of the following will ensure the application is valid?

A.

Ask the user to refresh the existing definition file for the antivirus software

B.

Perform a malware scan on the file in the internal repository

C.

Hash the application's installation file and compare it to the hash provided by the vendor

D.

Remove the user's system from the network to avoid collateral contamination

Question # 34

A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation. Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?

A.

Reverse engineering

B.

Dynamic analysis

C.

Strings extraction

D.

Static analysis

Question # 35

Malware is suspected on a server in the environment.

The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware.

INSTRUCTIONS

Servers 1, 2, and 4 are clickable. Select the server and the process that hosts the malware.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

[Exhibit images not included]

Question # 36

A security analyst receives an alert from the SIEM about a possible attack happening on the network. The analyst opens the alert and sees the IP address of the suspected server as 192.168.54.66, which is part of the network 192.168.54.0/24. The analyst then pulls all the command history logs from that server and sees the following:

[Exhibit image not included]

Which of the following activities is MOST likely happening on the server?

A.

A MITM attack

B.

Enumeration

C.

Fuzzing

D.

A vulnerability scan

Question # 37

A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?

A.

Static analysis

B.

Dynamic analysis

C.

Regression testing

D.

User acceptance testing

Question # 38

In system hardening, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

A.

SCAP

B.

Burp Suite

C.

OWASP ZAP

D.

Unauthenticated

Question # 39

A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?

A.

Enabling application blacklisting

B.

Enabling sandboxing technology

C.

Purchasing cyber insurance

D.

Installing a firewall between the workstations and Internet

Question # 40

A security team implemented a SIEM as part of its security-monitoring program. There is a requirement to integrate a number of sources into the SIEM to provide better context relative to the events being processed. Which of the following BEST describes the result the security team hopes to accomplish by adding these sources?

A.

Data enrichment

B.

Continuous integration

C.

Machine learning

D.

Workflow orchestration

Question # 41

A threat intelligence analyst has received multiple reports that are suspected to be about the same advanced persistent threat. To which of the following steps in the intelligence cycle would this map?

A.

Dissemination

B.

Analysis

C.

Feedback

D.

Requirements

E.

Collection

Question # 42

Which of the following sources will provide the MOST relevant threat intelligence data to the security team of a dental care network?

A.

Open threat exchange

B.

H-ISAC

C.

Dark web chatter

D.

Dental forums

Question # 43

An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed. Which of the following is the BEST technology for the analyst to recommend?

A.

Software-based drive encryption

B.

Hardware security module

C.

Unified Extensible Firmware Interface

D.

Trusted execution environment

Question # 44

While conducting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

[Exhibit image not included]

Based on the Prowler report, which of the following is the BEST recommendation?

A.

Delete Cloud Dev access key 1

B.

Delete BusinessUsr access key 1.

C.

Delete access key 1.

D.

Delete access key 2.

Question # 45

A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations. Which of the following would work BEST to prevent this type of incident in the future?

A.

Implement a UTM instead of a stateful firewall and enable gateway antivirus.

B.

Back up the workstations to facilitate recovery and create a gold image.

C.

Establish a ransomware awareness program and implement secure and verifiable backups.

D.

Virtualize all the endpoints with daily snapshots of the virtual machines.

Question # 46

A company wants to ensure confidential data from its storage media files is sanitized so the drives cannot be reused. Which of the following is the BEST approach?

A.

Degaussing

B.

Shredding

C.

Formatting

D.

Encrypting

Question # 47

The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single Internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT department?

A.

Require the guest machines to install the corporate-owned EDR solution.

B.

Configure NAC to only allow machines on the network that are patched and have active antivirus.

C.

Place a firewall in between the corporate network and the guest network.

D.

Configure the IPS with rules that will detect common malware signatures traveling from the guest network.

Question # 48

An analyst is reviewing the following output as part of an incident:

[Exhibit image not included]

Which of the following is MOST likely happening?

A.

The hosts are part of a reflective denial-of-service attack.

B.

Information is leaking from the memory of host 10.20.30.40.

C.

Sensitive data is being exfiltrated by host 192.168.1.10.

D.

Host 291.168.1.10 is performing firewall port knocking.

Question # 49

An incident response team detected malicious software that could have gained access to credit card data. The incident response team was able to mitigate significant damage and implement corrective actions by having incident response mechanisms in place. Which of the following should be notified for lessons learned?

A.

The human resources department

B.

Customers

C.

Company leadership

D.

The legal team

Question # 50

During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following should the analyst use to extract human-readable content from the partition?

A.

strings

B.

head

C.

fsstat

D.

dd

Question # 51

While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certificate authority that is only used to sign intermediate certificates. Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Select TWO)

A.

On a private VLAN

B.

Full disk encrypted

C.

Powered off

D.

Backed up hourly

E.

VPN accessible only

F.

Air gapped

Question # 52

Which of the following types of controls defines placing an ACL on a file folder?

A.

Technical control

B.

Confidentiality control

C.

Managerial control

D.

Operational control

Question # 53

The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or downloaded by employees. The CISO also wants to track the data assets by name, type, content, or data profile.

Which of the following BEST describes what the CISO wants to purchase?

A.

Asset tagging

B.

SIEM

C.

File integrity monitor

D.

DLP

Question # 54

As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering?

A.

Update the whitelist.

B.

Develop a malware signature.

C.

Sinkhole the domains

D.

Update the Blacklist

Question # 55

Company A is in the process of merging with Company B. As part of the merger, connectivity between the ERP systems must be established so pertinent financial information can be shared between the two entities. Which of the following will establish a more automated approach to secure data transfers between the two entities?

A.

Set up an FTP server that both companies can access and export the required financial data to a folder.

B.

Set up a VPN between Company A and Company B, granting access only to the ERPs within the connection.

C.

Set up a PKI between Company A and Company B and intermediate shared certificates between the two entities.

D.

Create static NATs on each entity's firewalls that map to the ERP systems and use native ERP authentication to allow access.

Question # 56

A company has started planning the implementation of a vulnerability management procedure. However, its security maturity level is low, so there are some prerequisites to complete before risk calculation and prioritization. Which of the following should be completed FIRST?

A.

A business impact analysis

B.

A system assessment

C.

Communication of the risk factors

D.

A risk identification process

Question # 57

A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:

[Exhibit images not included]

Which of the following technologies would MOST likely be used to prevent this phishing attempt?

A.

DNSSEC

B.

DMARC

C.

STP

D.

S/IMAP

Question # 58

After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

A.

Header analysis

B.

File carving

C.

Metadata analysis

D.

Data recovery

Question # 59

Which of the following describes the main difference between supervised and unsupervised machine-learning algorithms that are used in cybersecurity applications?

A.

Supervised algorithms can be used to block attacks, while unsupervised algorithms cannot.

B.

Supervised algorithms require security analyst feedback, while unsupervised algorithms do not.

C.

Unsupervised algorithms are not suitable for IDS systems, while supervised algorithms are.

D.

Unsupervised algorithms produce more false positives than supervised algorithms.

Question # 60

A company's domain has been spoofed in numerous phishing campaigns. An analyst needs to determine why the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC. Upon review of the record, the analyst finds the following:

[Exhibit image not included]

Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?

A.

The DMARC record's DKIM alignment tag Is incorrectly configured.

B.

The DMARC record's policy tag is incorrectly configured.

C.

The DMARC record does not have an SPF alignment tag.

D.

The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.

Question # 61

A security administrator needs to provide access from partners to an isolated laboratory network inside an organization that meets the following requirements:

• The partners' PCs must not connect directly to the laboratory network.

• The tools the partners need to access while on the laboratory network must be available to all partners.

• The partners must be able to run analyses on the laboratory network, which may take hours to complete.

Which of the following capabilities will MOST likely meet the security objectives of the request?

A.

Deployment of a jump box to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis

B.

Deployment of a firewall to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis

C.

Deployment of a firewall to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis

D.

Deployment of a jump box to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis

Question # 62

A computer hardware manufacturer is developing a new SoC that will be used by mobile devices. The SoC should not allow users or the process to downgrade from a newer firmware to an older one. Which of the following can the hardware manufacturer implement to prevent firmware downgrades?

A.

Encryption

B.

eFuse

C.

Secure Enclave

D.

Trusted execution

Question # 63

Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)

A.

Parameterized queries

B.

Session management

C.

Input validation

D.

Output encoding

E.

Data protection

F.

Authentication

Question # 64

A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company's server.

Which of the following is the FIRST step the analyst should take?

A.

Create a full disk image of the server's hard drive to look for the file containing the malware.

B.

Run a manual antivirus scan on the machine to look for known malicious software.

C.

Take a memory snapshot of the machine to capture volatile information stored in memory.

D.

Start packet capturing to look for traffic that could be indicative of command and control from the miner.
