CS0-002 Sample Questions Answers

Questions 4

A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?

Options:

A.

Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested

B.

Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried

C.

Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443

D.

Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information
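
The passive check option D describes, written out as an added example (this code is not part of the question set). It reads resolver query logs and reports which internal hosts looked up any feed domain or a subdomain of it. Nothing is blocked or sinkholed, so the attacker sees no change in DNS responses. The log lines, the line format and the feed domains below are constructed for the example; a real SIEM query would use its own field names.

```python
import re
from collections import defaultdict

# Constructed sample resolver query-log lines (not real data). The format assumed here is
# "<timestamp> client <ip>#<port>: query: <qname> IN <qtype>", loosely modelled on a
# BIND-style query log; adjust LINE_RE for the SIEM's own field layout.
SAMPLE_LOG = """\
2022-05-16T02:14:07Z client 10.0.4.21#53211: query: www.example.com IN A
2022-05-16T02:14:09Z client 10.0.4.21#53213: query: files.badexfil.example IN A
2022-05-16T02:15:30Z client 10.0.4.38#61002: query: badexfil.example IN TXT
2022-05-16T02:16:01Z client 10.0.4.21#53220: query: notbadexfil.example IN A
2022-05-16T03:01:44Z client 10.0.9.7#40011: query: cdn.attacker.test IN A
2022-05-16T03:02:10Z client 10.0.9.7#40012: query: attacker.test.example.com IN A
"""

# Constructed stand-in for the threat feed's exfiltration domains.
FEED = {"badexfil.example", "attacker.test"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)$"
)

def matches_feed(qname, feed):
    """Return the feed domain that qname belongs to, or None.

    A match is the domain itself or any subdomain of it, with the label boundary
    enforced: 'notbadexfil.example' does NOT match 'badexfil.example', and
    'attacker.test.example.com' does not match 'attacker.test'. A plain substring
    search would produce both of those false positives.
    """
    q = qname.lower().rstrip(".")
    for d in feed:
        d = d.lower().rstrip(".")
        if q == d or q.endswith("." + d):
            return d
    return None

def find_hosts(log_text, feed):
    """Map each internal client IP to the (timestamp, qname, feed domain) hits it produced."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query record
        d = matches_feed(m["qname"], feed)
        if d:
            hits[m["client"]].append((m["ts"], m["qname"], d))
    return dict(hits)

if __name__ == "__main__":
    for client, events in find_hosts(SAMPLE_LOG, FEED).items():
        print(client)
        for ts, qname, d in events:
            print(f"  {ts}  {qname}  (feed: {d})")
```

Once the hosts are known, the same match function becomes the SIEM correlation rule that raises an alert on future queries; the point of doing the log search first is that it confirms victim status from data already collected.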

Questions 5

The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server.

Given the output, which of the following should the security analyst check NEXT?

Options:

A.

The DNS name of the new email server

B.

The version of SPF that is being used

C.

The IP address of the new email server

D.

The DMARC policy

Questions 6

A company recently experienced a break-in whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this type of theft from occurring in the future?

Options:

A.

Motion detection

B.

Perimeter fencing

C.

Monitored security cameras

D.

Badged entry

Questions 7

A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement:

Options:

A.

federated authentication.

B.

role-based access control.

C.

manual account reviews.

D.

multifactor authentication.

Questions 8

A cybersecurity analyst has access to several threat feeds and wants to organize them while simultaneously comparing intelligence against network traffic.

Which of the following would BEST accomplish this goal?

Options:

A.

Continuous integration and deployment

B.

Automation and orchestration

C.

Static and dynamic analysis

D.

Information sharing and analysis

Questions 9

Which of the following BEST describes the primary role of a risk assessment as it relates to compliance with risk-based frameworks?

Options:

A.

It demonstrates the organization's mitigation of risks associated with internal threats.

B.

It serves as the basis for control selection.

C.

It prescribes technical control requirements.

D.

It is an input to the business impact assessment.

Questions 10

A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution.

Which of the following actions should the technician take to accomplish this task?

Options:

A.

Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the DNS record.

B.

Add TXT @ "v=spf1 mx include:_spf.comptia.org -all" to the email server.

C.

Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.

D.

Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.
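
An added example (not part of the question set) showing how a receiving mail server evaluates the SPF record above, and why the record has to be published as a TXT record in DNS rather than placed on a server: the receiver looks it up by the sender's domain. The evaluator below handles the mechanisms the record uses (mx, include, all) plus ip4/ip6 and a. The DNS answers in FAKE_DNS are a constructed stand-in, not real comptia.org records, so the code runs offline.

```python
import ipaddress

# Constructed stand-in for DNS (an assumption for this example, not real comptia.org records):
# MX/A/TXT answers keyed by name, so the evaluator runs offline.
FAKE_DNS = {
    "comptia.org":      {"mx": ["mail.comptia.org"]},
    "mail.comptia.org": {"a": ["203.0.113.10"]},
    "_spf.comptia.org": {"txt": "v=spf1 ip4:198.51.100.0/24 -all"},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    recs = FAKE_DNS.get(name.lower().rstrip("."), {})
    return recs.get(rtype, None if rtype == "txt" else [])

def check_spf(record, sender_ip, domain, depth=0):
    """Evaluate sender_ip against an SPF record for domain (subset of RFC 7208).

    Mechanisms handled: all, ip4, ip6, a, mx, include. The first mechanism that
    matches decides the result via its qualifier; 'include' matches only when the
    included domain's own record yields 'pass'.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying terms; this also stops include loops
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in lookup(arg or domain, "a")
        elif mech == "mx":
            matched = any(str(ip) in lookup(mx, "a") for mx in lookup(arg or domain, "mx"))
        elif mech == "include":
            included = lookup(arg, "txt")
            if included is None:
                return "permerror"
            matched = check_spf(included, sender_ip, arg, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and no explicit 'all'

PUBLISHED = "v=spf1 mx include:_spf.comptia.org -all"   # option A's record
PERMISSIVE = "v=spf1 mx include:_spf.comptia.org +all"  # options C/D: '+all' authorizes every sender

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.99"):
        print(ip, "-all:", check_spf(PUBLISHED, ip, "comptia.org"),
              " +all:", check_spf(PERMISSIVE, ip, "comptia.org"))
```

The decisive difference between the options is the last term: with "-all" a spoofer sending from an address that is neither an MX host nor inside the included range gets "fail", while "+all" turns every unlisted sender into a "pass" and the record protects nothing.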

Questions 11

An application server runs slowly and then triggers a high CPU alert. After investigating, a security analyst finds an unauthorized program is running on the server. The analyst reviews the application log below.

Which of the following conclusions is supported by the application log?

Options:

A.

An attacker was attempting to perform a buffer overflow attack to execute a payload in memory.

B.

An attacker was attempting to perform an XSS attack via a vulnerable third-party library.

C.

An attacker was attempting to download files via a remote command execution vulnerability

D.

An attacker was attempting to perform a DoS attack against the server.

Questions 12

As part of an organization’s information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?

Options:

A.

Conduct a risk assessment based on the controls defined in the newly revised policies

B.

Require all employees to attend updated security awareness training and sign an acknowledgement

C.

Post the policies on the organization’s intranet and provide copies of any revised policies to all active vendors

D.

Distribute revised copies of policies to employees and obtain a signed acknowledgement from them

Questions 13

Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?

Options:

A.

Human resources

B.

Public relations

C.

Marketing

D.

Internal network operations center

Questions 14

A company is moving from the use of web servers hosted in an internal datacenter to a containerized cloud platform. An analyst has been asked to identify indicators of compromise in the containerized environment. Which of the following would BEST indicate a running container has been compromised?

Options:

A.

A container from an approved software image has drifted

B.

An approved software orchestration container is running with root privileges

C.

A container from an approved software image has stopped responding

D.

A container from an approved software image fails to start

Questions 15

During a review of vulnerability scan results, an analyst determines the results may be flawed because a control-baseline system, which is used to evaluate a scanning tool's effectiveness, was reported as not vulnerable. Consequently, the analyst verifies the scope of the scan included the control-baseline host, which was available on the network during the scan. The use of a control-baseline endpoint in this scenario assists the analyst in confirming:

Options:

A.

verification of mitigation

B.

false positives

C.

false negatives

D.

the criticality index

E.

hardening validation.

Questions 16

An organisation is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:

Which of the following is the order of priority for risk mitigation from highest to lowest?

Options:

A.

A, B, C, D

B.

A, D, B, C

C.

B, C, A, D

D.

C, B, D, A

E.

D, A, C, B

Questions 17

While analyzing network traffic, a security analyst discovers several computers on the network are connecting to a malicious domain that was blocked by a DNS sinkhole. A new private IP range is now visible, but no change requests were made to add it. Which of the following is the BEST solution for the security analyst to implement?

Options:

A.

Block the domain IP at the firewall.

B.

Blacklist the new subnet

C.

Create an IPS rule.

D.

Apply network access control.

Questions 18

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.

Which of the following is a security concern when using a PaaS solution?

Options:

A.

The use of infrastructure-as-code capabilities leads to an increased attack surface.

B.

Patching the underlying application server becomes the responsibility of the client.

C.

The application is unable to use encryption at the database level.

D.

Insecure application programming interfaces can lead to data compromise.

Questions 19

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.

Which of the following should the analyst do NEXT?

Options:

A.

Decompile each binary to derive the source code.

B.

Perform a factory reset on the affected mobile device.

C.

Compute SHA-256 hashes for each binary.

D.

Encrypt the binaries using an authenticated AES-256 mode of operation.

E.

Inspect the permissions manifests within each application.
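
An added example (not part of the question set) of the step option C describes: hashing every acquired binary before any analysis touches it, recording the digests in a manifest, and re-verifying later to prove the evidence is unchanged. The two "binaries" and the temporary directory are constructed by the code itself so it runs anywhere.

```python
import hashlib
import json
import os
import tempfile

CHUNK_SIZE = 1 << 20  # 1 MiB: hash large binaries without loading them whole

def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(paths):
    """Record name, size and SHA-256 for each acquired binary (the chain-of-custody baseline)."""
    return {
        os.path.basename(p): {"sha256": sha256_file(p), "size": os.path.getsize(p)}
        for p in sorted(paths)
    }

def verify_manifest(manifest, directory):
    """Re-hash every listed file; return the names whose size or digest no longer matches."""
    bad = []
    for name, rec in manifest.items():
        p = os.path.join(directory, name)
        if (not os.path.isfile(p)
                or os.path.getsize(p) != rec["size"]
                or sha256_file(p) != rec["sha256"]):
            bad.append(name)
    return bad

def demo():
    """Constructed run: two fake 'binaries', one of which is altered after the manifest is taken."""
    workdir = tempfile.mkdtemp(prefix="acq-")
    paths = []
    for name, content in (("app-a.apk", b"abc"), ("app-b.apk", b"PK\x03\x04 constructed sample")):
        p = os.path.join(workdir, name)
        with open(p, "wb") as f:
            f.write(content)
        paths.append(p)
    manifest = build_manifest(paths)
    clean = verify_manifest(manifest, workdir)   # nothing has changed yet
    with open(paths[1], "ab") as f:
        f.write(b"\x00")                         # simulate post-acquisition tampering
    tampered = verify_manifest(manifest, workdir)
    return manifest, clean, tampered

if __name__ == "__main__":
    manifest, clean, tampered = demo()
    print(json.dumps(manifest, indent=2))
    print("mismatches before tampering:", clean)
    print("mismatches after tampering:", tampered)
```

Decompiling (option A) or inspecting manifests (option E) is analysis, and analysis should only start once the digests exist; otherwise there is no way to show that what was analyzed is what was acquired.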

Questions 20

A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http:// /A.php in a phishing email.

To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the:

Options:

A.

email server that automatically deletes attached executables.

B.

IDS to match the malware sample.

C.

proxy to block all connections to .

D.

firewall to block connection attempts to dynamic DNS hosts.

Questions 21

A company’s data is still being exfiltrated to business competitors after the implementation of a DLP solution. Which of the following is the MOST likely reason why the data is still being compromised?

Options:

A.

Printed reports from the database contain sensitive information

B.

DRM must be implemented with the DLP solution

C.

Users are not labeling the appropriate data sets

D.

DLP solutions are only effective when they are implemented with disk encryption

Questions 22

During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.

Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

Options:

A.

An IPS signature modification for the specific IP addresses

B.

An IDS signature modification for the specific IP addresses

C.

A firewall rule that will block port 80 traffic

D.

A firewall rule that will block traffic from the specific IP addresses

Questions 23

A security analyst needs to reduce the overall attack surface.

Which of the following infrastructure changes should the analyst recommend?

Options:

A.

Implement a honeypot.

B.

Air gap sensitive systems.

C.

Increase the network segmentation.

D.

Implement a cloud-based architecture.

Questions 24

A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.

Which of the following should be done to prevent this issue from reoccurring?

Options:

A.

Ensure both power supplies on the SAN are serviced by separate circuits, so that if one circuit goes down, the other remains powered.

B.

Install additional batteries in the SAN power supplies with enough capacity to keep the system powered on during maintenance operations.

C.

Ensure power configuration is covered in the datacenter change management policy and have the SAN administrator review this policy.

D.

Install a third power supply in the SAN so loss of any power input does not result in the SAN completely powering off.

Questions 25

A security analyst is generating a list of recommendations for the company's insecure API. Which of the following is the BEST parameter mitigation rec

Options:

A.

Implement parameterized queries.

B.

Use effective authentication and authorization methods.

C.

Validate all incoming data.

D.

Use TLS for all data exchanges.

Questions 26

A security analyst needs to assess the web server versions on a list of hosts to determine which are running a vulnerable version of the software and output that list into an XML file named webserverlist.xml. The host list is provided in a file named webserverlist.txt. Which of the following Nmap commands would BEST accomplish this goal?

Options:

A.

nmap -iL webserverlist.txt -sC -p 443 -oX webserverlist.xml

B.

nmap -iL webserverlist.txt -sV -p 443 -oX webserverlist.xml

C.

nmap -iL webserverlist.txt -F -p 443 -oX webserverlist.xml

D.

nmap --takefile webserverlist.txt --outputfileasXML webserverlist.xml –scanports 443
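
An added example (not part of the question set) of what the analyst does with webserverlist.xml once option B has produced it: parse the XML and list the hosts whose web server is below a required version. Only -sV fills in the product and version attributes; -sC runs default scripts and -F is a fast port selection, neither of which identifies versions. The XML below is constructed in the shape -oX writes, not a real scan, and the version floor of Apache 2.4.18 is taken from the hardening guideline in Question 44.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML in the shape -oX produces (not a real scan), covering four cases:
# a compliant Apache, an outdated Apache, a non-Apache server, and a host whose version
# could not be probed.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -iL webserverlist.txt -sV -p 443 -oX webserverlist.xml">
  <host><status state="up"/><address addr="10.0.1.10" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="443"><state state="open"/>
      <service name="http" product="Apache httpd" version="2.4.18" tunnel="ssl"/></port></ports></host>
  <host><status state="up"/><address addr="10.0.1.11" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="443"><state state="open"/>
      <service name="http" product="Apache httpd" version="2.4.6" tunnel="ssl"/></port></ports></host>
  <host><status state="up"/><address addr="10.0.1.12" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="443"><state state="open"/>
      <service name="http" product="nginx" version="1.18.0" tunnel="ssl"/></port></ports></host>
  <host><status state="up"/><address addr="10.0.1.13" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="443"><state state="open"/>
      <service name="https"/></port></ports></host>
</nmaprun>
"""

MIN_APACHE = (2, 4, 18)  # the hardening guideline's floor

def parse_version(text):
    """'2.4.18' -> (2, 4, 18); stops at the first non-numeric component ('2.4.6-beta' -> (2, 4, 6))."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)

def outdated_servers(xml_text, product_name="Apache httpd", minimum=MIN_APACHE):
    """Return (address, port, version) for every open port running product_name below minimum.

    Hosts where -sV could not determine a product or version are reported as 'unknown'
    so they get checked by hand instead of silently passing.
    """
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            if svc is None:
                continue
            product, version = svc.get("product"), svc.get("version")
            if product is None or (product == product_name and version is None):
                findings.append((addr, port.get("portid"), "unknown"))
            elif product == product_name and parse_version(version) < minimum:
                findings.append((addr, port.get("portid"), version))
    return findings

if __name__ == "__main__":
    for addr, port, version in outdated_servers(SAMPLE_XML):
        print(f"{addr}:{port}  {version}")
```

Tuple comparison treats a shorter version such as "2.4" as older than (2, 4, 18), which is the safe direction for a compliance check.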

Questions 27

An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes while minimizing the impact to the network. Which of the following schedules BEST addresses these requirements?

Options:

A.

Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans

B.

Monthly vulnerability scans, biweekly topology scans, daily host discovery scans

C.

Monthly host discovery scans; biweekly vulnerability scans, monthly topology scans

D.

Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans

Questions 28

A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

Options:

A.

The server is receiving a secure connection using the new TLS 1.3 standard

B.

Someone has configured an unauthorized SMTP application over SSL

C.

The traffic is common static data that Windows servers send to Microsoft

D.

A connection from the database to the web front end is communicating on the port

Questions 29

A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached.

Which of the following risk actions has the security committee taken?

Options:

A.

Risk exception

B.

Risk avoidance

C.

Risk tolerance

D.

Risk acceptance

Questions 30

Following a recent security breach, a company decides to investigate account usage to ensure privileged accounts are only being utilized during typical business hours. During the investigation, a security analyst determines an account was consistently utilized in the middle of the night.

Which of the following actions should the analyst take NEXT?

Options:

A.

Initiate the incident response plan.

B.

Disable the privileged account

C.

Report the discrepancy to human resources.

D.

Review the activity with the user.

Questions 31

A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

Options:

A.

Malware is attempting to beacon to 128.50.100.3.

B.

The system is running a DoS attack against ajgidwle.com.

C.

The system is scanning ajgidwle.com for PII.

D.

Data is being exfiltrated over DNS.
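
An added example (not part of the question set) of the heuristics an analyst applies to a capture like this one to separate DNS exfiltration from ordinary lookups: a single parent domain receiving many unique, long, high-entropy subdomain labels. The query records below are constructed, not taken from the question's capture; the suspect domain name is the one the options mention.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query records as (client_ip, queried_name); not from a real capture.
# The benign host resolves a few ordinary names; the suspect host emits many unique,
# hex-looking subdomains under one parent, which is how data leaves over DNS.
SAMPLE_QUERIES = [
    ("10.0.4.21", "www.example.com"),
    ("10.0.4.21", "mail.example.com"),
    ("10.0.4.21", "api.example.com"),
    ("10.0.4.21", "www.example.com"),
    ("10.0.4.38", "3a9f1c77e2b04d5e.ajgidwle.com"),
    ("10.0.4.38", "b81e6f02ca7d9435.ajgidwle.com"),
    ("10.0.4.38", "5d27c4a9e10fb863.ajgidwle.com"),
    ("10.0.4.38", "9e4b1f7a3c0d5286.ajgidwle.com"),
    ("10.0.4.38", "a7c3e95f1b0d4862.ajgidwle.com"),
    ("10.0.4.38", "2f8d6b4e9a1c0375.ajgidwle.com"),
    ("10.0.4.38", "www.example.com"),
]

def entropy(s):
    """Shannon entropy in bits per character (0 for a single repeated character)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(qname):
    """Last two labels. Assumption: no public-suffix handling, so 'x.co.uk' would collapse wrongly."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def summarize(queries):
    """Per (client, parent domain): unique subdomain count, mean leftmost-label length and entropy."""
    seen = defaultdict(set)
    for client, qname in queries:
        seen[(client, parent_domain(qname))].add(qname.lower().rstrip("."))
    stats = {}
    for key, names in seen.items():
        labels = [n.split(".")[0] for n in names]
        stats[key] = {
            "unique": len(names),
            "mean_len": sum(map(len, labels)) / len(labels),
            "mean_entropy": sum(map(entropy, labels)) / len(labels),
        }
    return stats

def flag_exfil(queries, min_unique=5, min_entropy=3.0, min_len=12):
    """Return (client, domain) pairs whose query pattern looks like DNS tunnelling/exfiltration."""
    return sorted(
        key for key, s in summarize(queries).items()
        if s["unique"] >= min_unique and s["mean_entropy"] >= min_entropy and s["mean_len"] >= min_len
    )

if __name__ == "__main__":
    for (client, domain), s in summarize(SAMPLE_QUERIES).items():
        print(f"{client:<12} {domain:<16} unique={s['unique']:<3} "
              f"len={s['mean_len']:.1f} H={s['mean_entropy']:.2f}")
    print("flagged:", flag_exfil(SAMPLE_QUERIES))
```

The thresholds are starting points, not constants: some legitimate services (antivirus cloud lookups, certain CDNs) also generate long random-looking labels, so tune them against a baseline of the environment's normal DNS before alerting on them.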

Questions 32

A critical server was compromised by malware, and all functionality was lost. Backups of this server were taken; however, management believes a logic bomb may have been injected by a rootkit. Which of the following should a security analyst perform to restore functionality quickly?

Options:

A.

Work backward, restoring each backup until the server is clean

B.

Restore the previous backup and scan with a live boot anti-malware scanner

C.

Stand up a new server and restore critical data from backups

D.

Offload the critical data to a new server and continue operations

Questions 33

A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month. The affected servers are virtual machines. Which of the following is the BEST course of action?

Options:

A.

Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses, determine the root cause, remediate, and report

B.

Report the data exfiltration to management, take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service.

C.

Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate

D.

Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltration, fix any vulnerabilities, remediate, and report.

Questions 34

A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

Options:

A.

PC1

B.

PC2

C.

Server1

D.

Server2

E.

Firewall

Questions 35

An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows:

• Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.

• The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.

• The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.

As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?

Options:

A.

Improving detection capabilities

B.

Bundling critical assets

C.

Profiling threat actors and activities

D.

Reducing the attack surface area

Questions 36

A company wants to outsource a key human-resources application service to remote employees as a SaaS-based cloud solution. The company's GREATEST concern should be the SaaS provider's:

Options:

A.

DLP procedures.

B.

logging and monitoring capabilities.

C.

data protection capabilities.

D.

SLA for system uptime.

Questions 37

A security analyst needs to identify possible threats to a complex system a client is developing. Which of the following methodologies would BEST address this task?

Options:

A.

Open Source Security Information Management (OSSIM)

B.

Software Assurance Maturity Model (SAMM)

C.

Open Web Application Security Project (OWASP)

D.

Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege (STRIDE)

Questions 38

An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a proactive stance for security investigations. Which of the following would BEST meet that goal?

Options:

A.

Root-cause analysis

B.

Active response

C.

Advanced antivirus

D.

Information-sharing community

E.

Threat hunting

Questions 39

A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wire transfer. Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

Options:

A.

Implementing a sandboxing solution for viewing emails and attachments

B.

Limiting email from the finance department to recipients on a pre-approved whitelist

C.

Configuring email client settings to display all messages in plaintext when read

D.

Adding a banner to incoming messages that identifies the messages as external

Questions 40

A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch.

Which of the following is the MOST appropriate threat classification for these incidents?

Options:

A.

Known threat

B.

Zero day

C.

Unknown threat

D.

Advanced persistent threat

Questions 41

A security analyst scanned an internal company subnet and discovered a host with the following Nmap output.

Based on the output of this Nmap scan, which of the following should the analyst investigate FIRST?

Options:

A.

Port 22

B.

Port 135

C.

Port 445

D.

Port 3389

Questions 42

An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.

Which of the following should be considered FIRST prior to disposing of the electronic data?

Options:

A.

Sanitization policy

B.

Data sovereignty

C.

Encryption policy

D.

Retention standards

Questions 43

For machine learning to be applied effectively toward security analysis automation, it requires.

Options:

A.

relevant training data.

B.

a threat feed API.

C.

a multicore, multiprocessor system.

D.

anomalous traffic signatures.

Questions 44

You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.

The company's hardening guidelines indicate the following:

• TLS 1.2 is the only version of TLS running.

• Apache 2.4.18 or greater should be used.

• Only default ports should be used.

INSTRUCTIONS

Using the supplied data, record the status of compliance with the company's guidelines for each server.

The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.

Options:

Questions 45

An organization that handles sensitive financial information wants to perform tokenization of data to enable the execution of recurring transactions. The organization is most interested in a secure, built-in device to support its solution. Which of the following would MOST likely be required to perform the desired function?

Options:

A.

TPM

B.

eFuse

C.

FPGA

D.

HSM

E.

UEFI

Questions 46

A security analyst is investigating an incident that appears to have started with SQL injection against a publicly available web application. Which of the following is the FIRST step the analyst should take to prevent future attacks?

Options:

A.

Modify the IDS rules to have a signature for SQL injection.

B.

Take the server offline to prevent continued SQL injection attacks.

C.

Create a WAF rule in block mode for SQL injection.

D.

Ask the developers to implement parameterized SQL queries.
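
An added example (not part of the question set) that serves this question and Question 25: the injectable query beside its parameterized replacement, run against the same attacker input. The in-memory SQLite table, the rows and the payload are constructed for the example; a WAF rule in block mode is the immediate stopgap, but it is this code change that removes the vulnerability.

```python
import sqlite3

def setup():
    """Constructed in-memory user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-of-alice-pw", "admin"), ("bob", "hash-of-bob-pw", "user")],
    )
    return conn

def login_vulnerable(conn, username, password_hash):
    """Deliberately vulnerable: untrusted input is spliced into the SQL text."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password_hash = '{password_hash}'"
    )
    return conn.execute(sql).fetchall()

def login_parameterized(conn, username, password_hash):
    """Hardened: placeholders keep the query structure fixed; input is bound as data only."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchall()

def demo():
    """Same attacker input against both versions; returns (vulnerable_result, parameterized_result)."""
    conn = setup()
    payload = "alice' --"  # closes the string literal and comments out the password check
    return (
        login_vulnerable(conn, payload, "wrong"),
        login_parameterized(conn, payload, "wrong"),
    )

if __name__ == "__main__":
    vuln, safe = demo()
    print("vulnerable    ->", vuln)  # alice's admin row; the password was never checked
    print("parameterized ->", safe)  # no such user: the quote and '--' are just characters
```

Input validation (option C of Question 25) is worth keeping as defence in depth, but it cannot enumerate every dangerous string; binding parameters makes the database treat the input as a value regardless of what it contains.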

Questions 47

An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.

Which of the following can be inferred from this activity?

Options:

A.

10.200.2.0/24 is infected with ransomware.

B.

10.200.2.0/24 is not routable address space.

C.

10.200.2.5 is a rogue endpoint.

D.

10.200.2.5 is exfiltrating data.

Questions 48

A developer wrote a script to make names and other PII data unidentifiable before loading a database export into the testing system. Which of the following describes the type of control that is being used?

Options:

A.

Data encoding

B.

Data masking

C.

Data loss prevention

D.

Data classification
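
An added example (not part of the question set) of the kind of script the question describes: masking PII fields of a database export before it goes to a test system. It uses keyed, deterministic pseudonyms so the same person masks to the same value and joins between tables still work, and it refuses to emit a row that still carries an original value. The export rows and the key are constructed for the example; in practice the key stays with production tooling and never reaches the test environment.

```python
import hashlib
import hmac

# Constructed database export rows (not real people). Row 3 repeats row 1's person on purpose,
# to show that the masking is deterministic and so preserves joins in the test system.
EXPORT = [
    {"id": 1, "name": "Jane Doe", "email": "jane.doe@example.com", "ssn": "123-45-6789", "plan": "gold"},
    {"id": 2, "name": "John Roe", "email": "john.roe@example.com", "ssn": "987-65-4321", "plan": "basic"},
    {"id": 3, "name": "Jane Doe", "email": "jane.doe@example.com", "ssn": "123-45-6789", "plan": "gold"},
]

# Assumed secret: keyed so the pseudonyms cannot be reversed by hashing guessed values;
# it stays in production tooling and is never shipped to the test environment.
MASK_KEY = b"constructed-example-key-rotate-me"

PII_FIELDS = ("name", "email", "ssn")

def pseudonym(value, key=MASK_KEY, length=16):
    """Deterministic, keyed pseudonym: same input -> same output, not invertible without the key."""
    normalized = " ".join(value.lower().split())
    return hmac.new(key, normalized.encode(), hashlib.sha256).hexdigest()[:length]

def mask_record(row, key=MASK_KEY):
    masked = dict(row)
    masked["name"] = "user-" + pseudonym(row["name"], key)
    local, _, domain = row["email"].partition("@")
    masked["email"] = pseudonym(local, key) + "@" + domain  # domain kept so mail-format tests still pass
    ssn_digits = int(pseudonym(row["ssn"], key, 8), 16) % 10000
    masked["ssn"] = f"***-**-{ssn_digits:04d}"  # shape preserved, but the digits are not the real last four
    return masked

def mask_export(rows, key=MASK_KEY):
    """Mask every row and refuse to return output that still contains an original PII value."""
    masked = [mask_record(r, key) for r in rows]
    originals = {r[f].lower() for r in rows for f in PII_FIELDS}
    for m in masked:
        for f in PII_FIELDS:
            if any(o in m[f].lower() for o in originals):
                raise ValueError(f"unmasked PII left in field {f!r}")
    return masked

if __name__ == "__main__":
    for row in mask_export(EXPORT):
        print(row)
```

Non-PII columns (id, plan) pass through untouched, which is what makes the masked export usable for testing; the control changes the identifying values, not the schema or the relationships between rows.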

Questions 49

The help desk provided a security analyst with a screenshot of a user's desktop:

For which of the following is aircrack-ng being used?

Options:

A.

Wireless access point discovery

B.

Rainbow attack

C.

Brute-force attack

D.

PCAP data collection

Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: May 16, 2022
Questions: 330