  • Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
  • Last Update: Oct 20, 2021
  • Questions and Answers: 298
CS0-002 CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Question # 4

A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.

Which of the following data privacy standards does this violate?

A.

Purpose limitation

B.

Sovereignty

C.

Data minimization

D.

Retention

Question # 5

Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?

A.

Human resources

B.

Public relations

C.

Marketing

D.

Internal network operations center

Question # 6

The Chief Executive Officer (CEO) of a large insurance company has reported that phishing emails containing malicious links are targeting the entire organization. Which of the following actions would work BEST to prevent this type of attack?

A.

Turn on full behavioral analysis to avert an infection

B.

Implement an EDR mail module that will rewrite and analyze email links.

C.

Reconfigure the EDR solution to perform real-time scanning of all files

D.

Ensure EDR signatures are updated every day to avert infection.

E.

Modify the EDR solution to use heuristic analysis techniques for malware.

Question # 7

A bad actor bypasses authentication and reveals all records in a database through an SQL injection. Implementation of which of the following would work BEST to prevent similar attacks in

A.

Strict input validation

B.

Blacklisting

C.

SQL patching

D.

Content filtering

E.

Output encoding

Question # 8

A security analyst implemented a solution that would analyze the attacks that the organization’s firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command.

$ sudo nc -l -v -c maildemon.py 25 > caplog.txt

Which of the following solutions did the analyst implement?

A.

Log collector

B.

Crontab mail script

C.

Sinkhole

D.

Honeypot

Question # 9

A security analyst needs to identify possible threats to a complex system a client is developing. Which of the following methodologies would BEST address this task?

A.

Open Source Security Information Management (OSSIM)

B.

Software Assurance Maturity Model (SAMM)

C.

Open Web Application Security Project (OWASP)

D.

Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privileges (STRIDE)

Question # 10

An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?

A.

Patching logs

B.

Threat feed

C.

Backup logs

D.

Change requests

E.

Data classification matrix

Question # 11

A security analyst receives a CVE bulletin, which lists several products that are used in the enterprise. The analyst immediately deploys a critical security patch. Which of the following BEST describes the reason for the analyst's immediate action?

A.

A known exploit was discovered.

B.

There is an insider threat.

C.

Nation-state hackers are targeting the region.

D.

A new zero-day threat needs to be addressed.

E.

A new vulnerability was discovered by a vendor.

Question # 12

While preparing for an audit of information security controls in the environment, an analyst outlines a framework control that has the following requirements:

• All sensitive data must be classified

• All sensitive data must be purged on a quarterly basis

• Certificates of disposal must remain on file for at least three years

This framework control is MOST likely classified as:

A.

prescriptive

B.

risk-based

C.

preventive

D.

corrective

Question # 13

The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server:

Given the output, which of the following should the security analyst check NEXT?

A.

The DNS name of the new email server

B.

The version of SPF that is being used

C.

The IP address of the new email server

D.

The DMARC policy

Question # 14

A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.

Which of the following BEST describes the security analyst's goal?

A.

To create a system baseline

B.

To reduce the attack surface

C.

To optimize system performance

D.

To improve malware detection

Question # 15

An organization that handles sensitive financial information wants to perform tokenization of data to enable the execution of recurring transactions. The organization is most interested in a secure, built-in device to support its solution. Which of the following would MOST likely be required to perform the desired function?

A.

TPM

B.

eFuse

C.

FPGA

D.

HSM

E.

UEFI

Question # 16

An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.

Which of the following should be considered FIRST prior to disposing of the electronic data?

A.

Sanitization policy

B.

Data sovereignty

C.

Encryption policy

D.

Retention standards

Question # 17

An organization recently discovered some inconsistencies in the motherboards it received from a vendor. The organization's security team then provided guidance on how to ensure the authenticity of the motherboards it received from vendors.

Which of the following would be the BEST recommendation for the security analyst to provide?

A.

The organization should evaluate current NDAs to ensure enforceability of legal actions.

B.

The organization should maintain the relationship with the vendor and enforce vulnerability scans.

C.

The organization should ensure all motherboards are equipped with a TPM.

D.

The organization should use a certified, trusted vendor as part of the supply chain.

Question # 18

Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?

A.

Agile

B.

Waterfall

C.

SDLC

D.

Dynamic code analysis

Question # 19

An organization suspects it has had a breach, and it is trying to determine the potential impact. The organization knows the following:

  • The source of the breach is linked to an IP located in a foreign country.
  • The breach is isolated to the research and development servers.
  • The hash values of the data before and after the breach are unchanged.
  • The affected servers were regularly patched, and a recent scan showed no vulnerabilities.

Which of the following conclusions can be drawn with respect to the threat and impact? (Choose two.)

A.

The confidentiality of the data is unaffected.

B.

The threat is an APT.

C.

The source IP of the threat has been spoofed.

D.

The integrity of the data is unaffected.

E.

The threat is an insider.

Question # 20

A contained section of a building is unable to connect to the Internet. A security analyst investigates the issue but does not see any connections to the corporate web proxy. However, the analyst does notice a small spike in traffic to the Internet. The help desk technician verifies all users are connected to the correct SSID, but there are two of the same SSIDs listed in the network connections. Which of the following BEST describes what is occurring?

A.

Bandwidth consumption

B.

Denial of service

C.

Beaconing

D.

Rogue device on the network

Question # 21

A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach.

Which of the following is the BEST mitigation to prevent unauthorized access?

A.

Single sign-on

B.

Mandatory access control

C.

Multifactor authentication

D.

Federation

E.

Privileged access management

Question # 22

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.

Which of the following should the analyst do NEXT?

A.

Decompile each binary to derive the source code.

B.

Perform a factory reset on the affected mobile device.

C.

Compute SHA-256 hashes for each binary.

D.

Encrypt the binaries using an authenticated AES-256 mode of operation.

E.

Inspect the permissions manifests within each application.

Question # 23

An organization supports a large number of remote users. Which of the following is the BEST option to protect the data on the remote users' laptops?

A.

Use whole disk encryption.

B.

Require the use of VPNs.

C.

Require employees to sign an NDA.

D.

Implement a DLP solution.

Question # 24

During an investigation, an incident responder intends to recover multiple pieces of digital media. Before removing the media, the responder should initiate:

A.

malware scans.

B.

secure communications.

C.

chain of custody forms.

D.

decryption tools.

Question # 25

A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:

A.

firewall behind the VPN server

B.

VPN server parallel to the firewall

C.

VPN server behind the firewall

D.

VPN on the firewall

Question # 26

A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.

Which of the following BEST describes this attack?

A.

Injection attack

B.

Memory corruption

C.

Denial of service

D.

Array attack

Question # 27

A security analyst receives an alert to expect increased and highly advanced cyberattacks originating from a foreign country that recently had sanctions implemented. Which of the following describes the type of threat actors that should concern the security analyst?

A.

Hacktivist

B.

Organized crime

C.

Insider threat

D.

Nation-state

Question # 28

A security analyst is reviewing the logs from an internal chat server. The chat.log file is too large to review manually, so the analyst wants to create a shorter log file that only includes lines associated with a user demonstrating anomalous activity. Below is a snippet of the log:

Which of the following commands would work BEST to achieve the desired result?

A.

grep -v chatter14 chat.log

B.

grep -i pythonfun chat.log

C.

grep -i javashark chat.log

D.

grep -v javashark chat.log

E.

grep -v pythonfun chat.log

F.

grep -i chatter14 chat.log

Question # 29

A company recently experienced a break-in whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this type of theft from occurring in the future?

A.

Motion detection

B.

Perimeter fencing

C.

Monitored security cameras

D.

Badged entry

Question # 30

The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization’s email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?

A.

Post on the company blog

B.

Corporate-hosted encrypted email

C.

VoIP phone call

D.

Summary sent by certified mail

E.

Externally hosted instant message

Question # 31

A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.

Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)

A.

Executing vendor compliance assessments against the organization's security controls

B.

Executing NDAs prior to sharing critical data with third parties

C.

Soliciting third-party audit reports on an annual basis

D.

Maintaining and reviewing the organizational risk assessment on a quarterly basis

E.

Completing a business impact assessment for all critical service providers

F.

Utilizing DLP capabilities at both the endpoint and perimeter levels

Question # 32

A cybersecurity analyst needs to determine whether a large file named access.log from a web server contains the following IoC:

../../../../bin/bash

Which of the following commands can be used to determine if the string is present in the log?

A.

echo access.log | grep "../../../../bin/bash"

B.

grep "../../../../bin/bash" | cat access.log

C.

grep "../../../../bin/bash" < access.log

D.

cat access.log > grep "../../../../bin/bash"

Question # 33

As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information.

Which of the following BEST describes this test?

A.

Walk through

B.

Full interruption

C.

Simulation

D.

Parallel

Question # 34

A large insurance company wants to outsource its claim-handling operations to an overseas third-party organization. Which of the following would BEST help to reduce the chance of highly sensitive data leaking?

A.

Configure a VPN between the third party organization and the internal company network

B.

Set up a VDI that the third party must use to interact with company systems.

C.

Use MFA to protect confidential company information from being leaked.

D.

Implement NAC to ensure connecting systems have malware protection

E.

Create jump boxes that are used by the third-party organization so it does not connect directly.

Question # 35

A security analyst needs to reduce the overall attack surface.

Which of the following infrastructure changes should the analyst recommend?

A.

Implement a honeypot.

B.

Air gap sensitive systems.

C.

Increase the network segmentation.

D.

Implement a cloud-based architecture.

Question # 36

Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?

A.

Reverse engineering

B.

Fuzzing

C.

Penetration testing

D.

Network mapping

Question # 37

While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it. Which of the following is the BEST solution for the security analyst to implement?

A.

Block the domain IP at the firewall.

B.

Blacklist the new subnet

C.

Create an IPS rule.

D.

Apply network access control.

Question # 38

An analyst needs to provide recommendations for the AUP. Which of the following is the BEST recommendation to protect the company's intellectual property?

A.

Company assets must be stored in a locked cabinet when not in use.

B.

Company assets must not be utilized for personal use or gain.

C.

Company assets should never leave the company's property.

D.

All Internet access must be via a proxy server.

Question # 39

A system’s authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:

Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

A.

Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.

B.

Accept this risk for now because this is a "high" severity, but testing will require more than the four days available, and the system ATO needs to be completed.

C.

Ignore it. This is false positive, and the organization needs to focus its efforts on other findings.

D.

Ensure HTTP validation is enabled by rebooting the server.

Question # 40

A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server.

Which of the following should be done to correct the cause of the vulnerability?

A.

Deploy a WAF in front of the application.

B.

Implement a software repository management tool.

C.

Install a HIPS on the server.

D.

Instruct the developers to use input validation in the code.

Question # 41

A company's security officer needs to implement geographical IP blocks for nation-state actors from a foreign country. On which of the following should the blocks be implemented?

A.

Web content filter

B.

Access control list

C.

Network access control

D.

Data loss prevention

Question # 42

A user reports a malware alert to the help desk. A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which of the following should the security analyst do NEXT?

A.

Document the procedures and walk through the incident training guide.

B.

Sanitize the workstation and verify countermeasures are restored

C.

Reverse engineer the malware to determine its purpose and risk to the organization.

D.

Isolate the workstation and issue a new computer to the user.

Question # 43

A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.

Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

A.

Tool A is agent based.

B.

Tool A used fuzzing logic to test vulnerabilities.

C.

Tool A is unauthenticated.

D.

Tool B utilized machine learning technology.

E.

Tool B is agent based.

F.

Tool B is unauthenticated.
