New Year Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

CS0-002 Sample Questions Answers

Questions 4

While monitoring the information security notification mailbox, a security analyst notices several emails were repotted as spam. Which of the following should the analyst do FIRST?

Options:

A.

Block the sender In the email gateway.

B.

Delete the email from the company's email servers.

C.

Ask the sender to stop sending messages.

D.

Review the message in a secure environment.

Buy Now
Questions 5

A security analyst identified one server that was compromised and used as a data making machine, and a few of the hard drive that was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?

Options:

A.

System timeline reconstruction

B.

System registry extraction

C.

Data carving

D.

Volatile memory analysts

Buy Now
Questions 6

Which of the following is the best reason why organizations need operational security controls?

Options:

A.

To supplement areas that other controls cannot address

B.

To limit physical access to areas that contain sensitive data

C.

To assess compliance automatically against a secure baseline

D.

To prevent disclosure by potential insider threats

Buy Now
Questions 7

A cybersecurity analyst is supporting an Incident response effort via threat Intelligence Which of the following is the analyst most likely executing?

Options:

A.

Requirements analysis and collection planning

B.

Containment and eradication

C.

Recovery and post-incident review

D.

Indicator enrichment and research pivoting

Buy Now
Questions 8

As part of an Intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several detrains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for Mergence gathering?

Options:

A.

Update the whitelist.

B.

Develop a malware signature.

C.

Sinkhole the domains

D.

Update the Blacklist

Buy Now
Questions 9

A company needs to expand Its development group due to an influx of new feature requirements (rom Its customers. To do so quickly, the company is using Junior-level developers to fill in as needed. The company has found a number of vulnerabilities that have a direct correlation to the code contributed by the junior-level developers. Which of the following controls would best help to reduce the number of software vulnerabilities Introduced by this situation?

Options:

A.

Requiring senior-level developers to review code written by junior-level developers

B.

Hiring senior-level developers only

C.

Allowing only senior-level developers to write code for new features

D.

Using authorized source code repositories only

Buy Now
Questions 10

After a series of Group Policy Object updates, multiple services stopped functioning. The systems administrator believes the issue resulted from a Group Policy Object update but cannot validate which update caused the Issue. Which of the following security solutions would resolve this issue?

Options:

A.

Privilege management

B.

Group Policy Object management

C.

Change management

D.

Asset management

Buy Now
Questions 11

A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations to help mitigate this risk. The Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?

Options:

A.

Data masking procedures

B.

Enhanced encryption functions

C.

Regular business impact analysis functions

D.

Geographic access requirements

Buy Now
Questions 12

During the onboarding process for a new vendor, a security analyst obtains a copy of the vendor's latest penetration test summary:

Performed by: Vendor Red Team Last performed: 14 days ago

Which of the following recommendations should the analyst make first?

Options:

A.

Perform a more recent penetration test.

B.

Continue vendor onboarding.

C.

Disclose details regarding the findings.

D.

Have a neutral third party perform a penetration test.

Buy Now
Questions 13

During a review of the vulnerability scan results on a server, an information security analyst notices the following:

The MOST appropriate action for the analyst to recommend to developers is to change the web server so:

Options:

A.

It only accepts TLSvl 2

B.

It only accepts cipher suites using AES and SHA

C.

It no longer accepts the vulnerable cipher suites

D.

SSL/TLS is offloaded to a WAF and load balancer

Buy Now
Questions 14

A developer is working on a program to convert user-generated input in a web form before it is displayed by the browser. This technique is referred to as:

Options:

A.

output encoding.

B.

data protection.

C.

query parameterization.

D.

input validation.

Buy Now
Questions 15

Which of the following attack techniques has the GREATEST likelihood of quick success against Modbus assets?

Options:

A.

Remote code execution

B.

Buffer overflow

C.

Unauthenticated commands

D.

Certificate spoofing

Buy Now
Questions 16

A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further in investigation?

Options:

A.

Data carving

B.

Timeline construction

C.

File cloning

D.

Reverse engineering

Buy Now
Questions 17

An analyst received an alert regarding an application spawning a suspicious command shell process Upon further investigation, the analyst observes the following registry change occurring immediately after the suspicious event:

Which of the following was the suspicious event able to accomplish?

Options:

A.

Impair defenses.

B.

Establish persistence.

C.

Bypass file access controls.

D.

Implement beaconing.

Buy Now
Questions 18

An organization is performing a risk assessment to prioritize resources for mitigation and remediation based on impact. Which of the following metrics, in addition to the CVSS for each CVE, would best enable the organization to prioritize its efforts?

Options:

A.

OS type

B.

OS or application versions

C.

Patch availability

D.

System architecture

E.

Mission criticality

Buy Now
Questions 19

An incident response plan requires systems that contain critical data to be triaged first in the event of a compromise. Which of the following types of data would most likely be classified as critical?

Options:

A.

Encrypted data

B.

data

C.

Masked data

D.

Marketing data

Buy Now
Questions 20

While conducting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?

Options:

A.

Delete CloudDev access key 1.

B.

Delete BusinessUsr access key 1.

C.

Delete access key 1.

D.

Delete access key 2.

Buy Now
Questions 21

During a routine security review, anomalous traffic from 9.9.9.9 was observed accessing a web server in the corporate perimeter network. The server is mission critical and must remain accessible around the world to serve web content. The Chief Information Security Officer has directed that improper traffic must be restricted. The following output is from the web server:

Which of the following is the best method to accomplish this task?

Options:

A.

Adjusting the IDS to block anomalous activity

B.

Implementing port security

C.

Adding 9.9.9.9 to the blocklist

D.

Adjusting the firewall

Buy Now
Questions 22

A security analyst is investigating a data leak on a corporate website. The attacker was able to dump data by sending a crafted HTTP request with the following payload:

Which of the following systems would most likely have logs with details regarding the threat actor's requests?

Options:

A.

Cloud WAF

B.

Internal proxy

C.

TAXII server

D.

Hardware security module

Buy Now
Questions 23

Which of the following is a reason to use a nsk-based cybersecunty framework?

Options:

A.

A risk-based approach always requires quantifying each cyber nsk faced by an organization

B.

A risk-based approach better allocates an organization's resources against cyberthreats and vulnerabilities

C.

A risk-based approach is driven by regulatory compliance and es required for most organizations

D.

A risk-based approach prioritizes vulnerability remediation by threat hunting and other qualitative-based processes

Buy Now
Questions 24

A user receives a potentially malicious attachment that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would most likely indicate if the email is malicious?

Options:

A.

sha256sum ~/Desktop/fi1e.pdf

B.

/bin/;s -1 ~/Desktop/fi1e.pdf

C.

strings ~/Desktop/fi1e.pdf | grep -i “

D.

cat < ~/Desktop/file.pdf | grep —i .exe

Buy Now
Questions 25

A social media company is planning an acquisition. Prior to the purchase, the Chief Security Officer (CSO) would like a full report to gain a better understanding of the prospective company's cybersecurity posture and to identify risks in the supply chain. Which of the following will best support the CSO's objective?

Options:

A.

Third-party assessment

B.

Memorandum of understanding

C.

Non-disclosure agreement

D.

Software source authenticity

Buy Now
Questions 26

In response to an audit finding, a company's Chief information Officer (CIO) instructed the security department to Increase the security posture of the vulnerability management program. Currency, the company's vulnerability management program has the following attributes:

Which of the following would BEST Increase the security posture of the vulnerably management program?

Options:

A.

Expand the ports Being scanned lo Include al ports increase the scan interval to a number the business win accept without causing service interruption. Enable authentication and perform credentialed scans

B.

Expand the ports being scanned to Include all ports. Keep the scan interval at its current level Enable authentication and perform credentialed scans.

C.

Expand the ports being scanned to Include at ports increase the scan interval to a number the business will accept without causing service Interruption. Continue unauthenticated scans.

D.

Continue scanning the well-known ports increase the scan interval to a number the business will accept without causing service Interruption. Enable authentication and perform credentialed scans.

Buy Now
Questions 27

During an investigation, an analyst discovers the following rule in an executive's email client:

The executive is not aware of this rule. Which of the following should the analyst do first to evaluate the potential impact of this security incident?

Options:

A.

Check the server logs to evaluate which emails were sent to .

B.

Use the SIEM to correlate logging events from the email server and the domain server.

C.

Remove the rule from the email client and change the password.

D.

Recommend that the management team implement SPF and DKIM.

Buy Now
Questions 28

A network appliance manufacturer is building a new generation of devices and would like to include chipset security improvements. The management team wants the security team to implement a method to prevent security weaknesses that could be reintroduced by downgrading the firmware version on the chipset. Which of the following would meet this objective?

Options:

A.

UEFI

B.

A hardware security module

C.

eFUSE

D.

Certificate signed updates

Buy Now
Questions 29

A security analyst discovers the accounting department is hosting an accounts receivable form on a public document service. Anyone with the link can access it. Which of the following threats applies to this situation?

Options:

A.

Potential data loss to external users

B.

Loss of public/private key management

C.

Cloud-based authentication attack

D.

Identification and authentication failures

Buy Now
Questions 30

A product security analyst has been assigned to evaluate and validate a new products security capabilities Part of the evaluation involves reviewing design changes at specific intervals tor security deficiencies recommending changes and checking for changes at the next checkpoint Which of the following BEST defines the activity being conducted?

Options:

A.

User acceptance testing

B.

Stress testing

C.

Code review

D.

Security regression testing

Buy Now
Questions 31

An organization needs to secure sensitive data on its critical networks by implementing controls to mitigate APTs. The current policy does not provide any guidance or processes that support the mitigation of APTs. Which of the following technologies should the organization implement lo secure sensitive data? (Select two).

Options:

A.

WAF

B.

VPN

C.

VPC

D.

IPS

E.

SIEM

F.

SSO

Buy Now
Questions 32

A security analyst is evaluating the following support ticket:

Issue: Marketing campaigns are being filtered by the customer's email servers.

Description: Our marketing partner cannot send emails using our email address. The following log messages were collected from multiple customers:

• The SPF result is PermError.

• The SPF result is SoftFail or Fail.

• The 550 SPF check failed.

Which of the following should the analyst do next?

Options:

A.

Ask the marketing partner's ISP to disable the DKIM setting.

B.

Request approval to disable DMARC on the company's ISP.

C.

Ask the customers to disable SPF validation.

D.

Request a configuration change on the company's public DNS.

Buy Now
Questions 33

A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

Instructions:

Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

The Linux Web Server, File-Print Server and Directory Server are draggable.

If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Options:

Buy Now
Questions 34

A security analyst is concerned about sensitive data living on company file servers following a zero-day attack that nearly resulted in a breach of millions of customer records. The after action report indicates a lack of controls around the file servers that contain sensitive data. Which of the following DLP considerations would best help the analyst to classify and address the sensitive data on the file servers?

Options:

A.

Implement a CASB device and connect the SaaS applications.

B.

Deploy network DLP appliances pointed to all file servers.

C.

Use data-at-rest scans to locate and identify sensitive data.

D.

Install endpoint DLP agents on all computing resources.

Buy Now
Questions 35

An analyst needs to understand how an attacker compromised a server. Which of the following procedures will best deliver the information that is necessary to reconstruct the steps taken by the attacker?

Options:

A.

Scan the affected system with an anti-malware tool and check for vulnerabilities with a vulnerability scanner.

B.

Extract the server's system timeline, verifying hashes and network connections during a certain time frame.

C.

Clone the entire system and deploy it in a network segment built for tests and investigations while monitoring the system during a certain time frame.

D.

Clone the server's hard disk and extract all the binary files, comparing hash signatures with malware databases.

Buy Now
Questions 36

An organization implemented an extensive firewall access-control blocklist to prevent internal network ranges from communicating with a list of IP addresses of known command-and-control domains A security analyst wants to reduce the load on the firewall. Which of the following can the analyst implement to achieve similar protection and reduce the load on the firewall?

Options:

A.

A DLP system

B.

DNS sinkholing

C.

IP address allow list

D.

An inline IDS

Buy Now
Questions 37

Members of the sales team are using email to send sensitive client lists with contact information to their personal accounts The company's AUP and code of conduct prohibits this practice. Which of the following configuration changes would improve security and help prevent this from occurring?

Options:

A.

Configure the DLP transport rules to provide deep content analysis.

B.

Put employees' personal email accounts on the mail server on a blocklist.

C.

Set up IPS to scan for outbound emails containing names and contact information.

D.

Use Group Policy to prevent users from copying and pasting information into emails.

E.

Move outbound emails containing names and contact information to a sandbox for further examination.

Buy Now
Questions 38

An organization is required to be able to consume multiple threat feeds simultaneously and to provide actionable intelligence to various teams. The organization would also like to be able to leverage the intelligence to enrich security event data. Which of the following functions would most likely help the security analyst meet the organization's requirements?

Options:

A.

Vulnerability management

B.

Risk management

C.

Detection and monitoring

D.

Incident response

Buy Now
Questions 39

Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the best solution to improve the equipment's security posture?

Options:

A.

Move the legacy systems behind a WAR

B.

Implement an air gap for the legacy systems.

C.

Place the legacy systems in the perimeter network.

D.

Implement a VPN between the legacy systems and the local network.

Buy Now
Questions 40

While conoXicting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?

Options:

A.

Delete Cloud Dev access key 1

B.

Delete BusinessUsr access key 1.

C.

Delete access key 1.

D.

Delete access key 2.

Buy Now
Questions 41

An analyst is responding 10 an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the held. Maiware was loaded on the device via the installation of a third-party software package The analyst has baselined the device Which of the following should the analyst do to BEST mitigate future attacks?

Options:

A.

Implement MDM

B.

Update the maiware catalog

C.

Patch the mobile device's OS

D.

Block third-party applications

Buy Now
Questions 42

A security analyst discovers the company's website is vulnerable to cross-site scripting. Which of the following solutions will best remedy the vulnerability?

Options:

A.

Prepared statements

B.

Server-side input validation

C.

Client-side input encoding

D.

Disabled JavaScript filtering

Buy Now
Questions 43

A cybersecunty analyst needs to harden a server that is currently being used as a web server The server needs to be accessible when entenng www company com into the browser Additionally web pages require frequent updates which are performed by a remote contractor Given the following output:

Which of the following should the cybersecunty analyst recommend to harden the server? (Select TWO).

Options:

A.

Uninstall the DNS service

B.

Perform a vulnerability scan

C.

Change the server's IP to a private IP address

D.

Disable the Telnet service

E.

Block port 80 with the host-based firewall

F.

Change the SSH port to a non-standard port

Buy Now
Questions 44

Which of the following are considered PII by themselves? (Select TWO).

Options:

A.

Government ID

B.

Job title

C.

Employment start date

D.

Birth certificate

E.

Employer address

F.

Mother's maiden name

Buy Now
Questions 45

A code review reveals a web application is using lime-based cookies for session management. This is a security concern because lime-based cookies are easy to:

Options:

A.

parameterize.

B.

decode.

C.

guess.

D.

decrypt.

Buy Now
Questions 46

A company frequently expenences issues with credential stuffing attacks Which of the following is the BEST control to help prevent these attacks from being successful?

Options:

A.

SIEM

B.

IDS

C.

MFA

D.

TLS

Buy Now
Questions 47

A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed:

Which of the following options can the analyst conclude based on the provided output?

Options:

A.

The scanning vendor used robots to make the scanning job faster

B.

The scanning job was successfully completed, and no vulnerabilities were detected

C.

The scanning job did not successfully complete due to an out of scope error

D.

The scanner executed a crawl process to discover pages to be assessed

Buy Now
Questions 48

A forensic analyst is conducting an investigation on a compromised server Which of the following should the analyst do first to preserve evidence''

Options:

A.

Restore damaged data from the backup media

B.

Create a system timeline

C.

Monitor user access to compromised systems

D.

Back up all log files and audit trails

Buy Now
Questions 49

During an Incident, it Is determined that a customer database containing email addresses, first names, and last names was exfiltrated. Which ot the following should the security analyst do NEXT?

Options:

A.

Consult with the legal department for regulatory impact.

B.

Encrypt the database with available tools.

C.

Email the customers to inform them of the breach.

D.

Follow the incident communications process.

Buy Now
Questions 50

A manufacturing company uses a third-party service provider lor Tier 1 security support One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

Options:

A.

Implement a secure supply chain program with governance

B.

Implement blacklisting for IP addresses from outside the country

C.

Implement strong authentication controls for all contractors

D.

Implement user behavior analytics for key staff members

Buy Now
Questions 51

A company's Chief Information Officer wants to use a CASB solution to ensure policies are being met during cloud access. Due to the nature of the company's business and risk appetite, the management team elected to not store financial information in the cloud. A security analyst needs to recommend a solution to mitigate the threat of financial data leakage into the cloud. Which of the following should the analyst recommend?

Options:

A.

Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on premises.

B.

Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion.

C.

Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the cloud.

D.

Do not utilize the CASB solution for this purpose, but add DLP on premises for data at rest.

Buy Now
Questions 52

A security analyst performed a targeted system vulnerability scan to obtain critical information. After the output result, the analyst used the OVAL XML language to review and calculate the discovered risk. Which of the following types of scans did the security analyst perform?

Options:

A.

Active

B.

Network map

C.

Passive

D.

External

Buy Now
Questions 53

As part of the senior leadership team's ongoing nsk management activities the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data Which of the following would be appropnate for the security analyst to coordinate?

Options:

A.

A black-box penetration testing engagement

B.

A tabletop exercise

C.

Threat modeling

D.

A business impact analysis

Buy Now
Questions 54

While going through successful malware cleanup logs, an analyst notices an old worm that has been replicating itself across the company's network Reinfection of the malware can be prevented with a patch; however, most of the affected systems cannot be patched because the patch would make the system unstable. Which of the following should the analyst recommend to best prevent propagation of the malware throughout the network?

Options:

A.

Segmenting the network to include all legacy systems

B.

Placing vulnerable devices behind a firewall

C.

Scanning the entire network for malware weekly

D.

Patching systems when possible and monitoring the rest of them

Buy Now
Questions 55

Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance?

Options:

A.

Trusted firmware updates provide organizations with development, compilation, remote access, and customization for embedded devices.

B.

Trusted firmware updates provide organizations with security specifications, open-source libraries, and custom toots for embedded devices.

C.

Trusted firmware updates provide organizations with remote code execution, distribution, maintenance, and extended warranties for embedded devices

D.

Trusted firmware updates provide organizations with secure code signing, distribution, installation. and attestation for embedded devices.

Buy Now
Questions 56

A security analyst is concerned the number of security incidents being reported has suddenly gone down. Daily business interactions have not changed, and no following should the analyst review FIRST?

Options:

A.

The DNS configuration

B.

Privileged accounts

C.

The IDS rule set

D.

The firewall ACL

Buy Now
Questions 57

A company notices unknown devices connecting to the internal network and would like to implement a solution to block all non-corporate managed machines. Which of the following solutions would be best to accomplish this goal?

Options:

A.

WPA2 for W1F1 networks

B.

NAC with 802.1X implementation

C.

Extensible Authentication Protocol

D.

RADIUS with challenge/response

Buy Now
Questions 58

Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

Options:

A.

Logging and monitoring are not needed in a public cloud environment

B.

Logging and monitoring are done by the data owners

C.

Logging and monitoring duties are specified in the SLA and contract

D.

Logging and monitoring are done by the service provider

Buy Now
Questions 59

A cyber-security analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks. Which of the following BEST describes a solution that would apply and cause fewer issues during the deployment phase?

Options:

A.

Implement port security with one MAC address per network port of the switch.

B.

Deploy network address protection with DHCP and dynamic VLANs.

C.

Configure 802.1X and EAPOL across the network

D.

Implement software-defined networking and security groups for isolation

Buy Now
Questions 60

A security analyst has received a report that servers are no longer able to connect to the network. After many hours of troubleshooting, the analyst determines a Group Policy Object is responsible for the network connectivity Issues. Which of the following solutions should the security analyst recommend to prevent an interruption of service in the future?

Options:

A.

Cl/CD pipeline

B.

Impact analysis and reporting

C.

Appropriate network segmentation

D.

Change management process

Buy Now
Questions 61

An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

Options:

A.

SCADA

B.

CAN bus

C.

Modbus

D.

IoT

Buy Now
Questions 62

The majority of a company's employees have stated they are unable to perform their job duties due to outdated workstations, so the company has decided to institute BYOD. Which of the following would a security analyst MOST likely recommend for securing the proposed solution?

Options:

A.

A Linux-based system and mandatory training on Linux for all BYOD users

B.

A firewalled environment for client devices and a secure VDl for BYOO users

C.

A standardized anti-malware platform and a unified operating system vendor

D.

802.1X lo enforce company policy on BYOD user hardware

Buy Now
Questions 63

A security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment. Which of the following is the BEST recommendation?

Options:

A.

Require users to sign NDAs

B.

Create a data minimization plan.

C.

Add access control requirements.

D.

Implement a data loss prevention solution.

Buy Now
Questions 64

During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following, should the analyst use to extract human-readable content from the partition?

Options:

A.

strings

B.

head

C.

fsstat

D.

dd

Buy Now
Questions 65

A software developer is correcting the error-handling capabilities of an application following the initial coding of the fix. Which of the following would the software developer MOST likely performed to validate the code poor to pushing it to production?

Options:

A.

Web-application vulnerability scan

B.

Static analysis

C.

Packet inspection

D.

Penetration test

Buy Now
Questions 66

A company is required to monitor for unauthorized changes to baselines on all assets to comply with industry regulations. Two of the remote units did not recover after scans were performed on the assets. An analyst needs to recommend a solution to prevent recurrence. Which of the following is the best way to satisfy the regulatory requirement without impacting the availability to similar assets and creating an unsustainable process?

Options:

A.

Manually review the baselines daily and document the results in a change history log

B.

Document exceptions with compensating controls to demonstrate the risk mitigation efforts.

C.

Implement a new scanning technology to satisfy the monitoring requirement and train the team.

D.

Purchase new remote units from other vendors with a proven ability to support scanning requirements.

Buy Now
Questions 67

A security analyst is trying to track physical locations of threat actors via SIEM log information. However, correlating IP addresses with geolocation is taking a long time, so the analyst asks a security engineer to add geolocation to the SIEM tool. This is an example of using:

Options:

A.

security orchestration, automation, and response.

B.

continuous integration.

C.

data enrichment.

D.

threat feeds.

Buy Now
Questions 68

A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?

Options:

A.

Implement UEM on an systems and deploy security software.

B.

Implement DLP on all workstations and block company data from being sent outside the company

C.

Implement a CASB and prevent certain types of data from being downloaded to a workstation

D.

Implement centralized monitoring and logging for an company systems.

Buy Now
Questions 69

A systems administrator believes a user's workstation has been compromised. The workstation's performance has been lagging significantly for the past several hours. The administrator runs the task list

/ v command and receives the following output:

Which of the following should a security analyst recognize as an indicator of compromise?

Options:

A.

dwm.exe being executed under the user context

B.

The high usage of vscode. exe * 32

C.

The abnormal behavior of paint.exe

D.

svchost.exe being executed as SYSTEM

Buy Now
Questions 70

A new government regulation requires that organizations only retain the minimum amount of data on a person to perform the organization's necessary activities. Which of the following techniques would help an organization comply with this new regulation?

Options:

A.

Storing the highest-risk data in a separate and secured environment

B.

Limiting access to data on a need-to-know basis

C.

Deidentlfying a data subject throughout the organization's applications

D.

Having a privacy expert peer review source code before deployment

Buy Now
Questions 71

Given the Nmap request below:

Which of the following actions will an attacker be able to initiate directly against this host?

Options:

A.

Password sniffing

B.

ARP spoofing

C.

A brute-force attack

D.

An SQL injection

Buy Now
Questions 72

A Chief Information Security Officer has requested a security measure be put in place to redirect certain traffic on the network. Which of the following would best resolve this issue?

Options:

A.

Sinkholing

B.

Blocklisting

C.

Geoblocking

D.

Sandboxing

Buy Now
Questions 73

Which of the following is the most effective approach to minimize the occurrence of vulnerabilities introduced by unintentional misconfigurations in the cloud?

Options:

A.

Requiring security training certification before granting access to staff

B.

Migrating all resources to a private cloud deployment

C.

Restricting changes to the deployment of validated laC templates

D.

Reducing laaS deployments by fostering serverless architectures

Buy Now
Questions 74

During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the best way to locate this issue?

Options:

A.

Reduce the session timeout threshold

B.

Deploy MFA for access to the web server.

C.

Implement input validation.

D.

Run a dynamic code analysis.

Buy Now
Questions 75

A security analyst needs to automate the incident response process for malware infections. When the following logs are generated, an alert email should automatically be sent within 30 minutes:

Which of the following is the best way for the analyst to automate alert generation?

Options:

A.

Deploy a signature-based IDS

B.

Install a UEBA-capable antivirus

C.

Implement email protection with SPF

D.

Create a custom rule on a SIEM

Buy Now
Questions 76

A forensic examiner is investigating possible malware compromise on an active endpoint device. Which of the following steps should the examiner perform first?

Options:

A.

Verify the hash value of the image with the value of the copy.

B.

Use a write blocker to create an image of the hard drive.

C.

Create a memory dump from RAM.

D.

Download and apply the latest AV signature.

E.

Reimage the hard drive and apply the latest updates.

Buy Now
Questions 77

A security analyst notices the following proxy log entries:

Which of the following is the user attempting to do based on the log entries?

Options:

A.

Use a DoS attack on external hosts.

B.

Exfiltrate data.

C.

Scan the network.

D.

Relay email.

Buy Now
Questions 78

Which of the following types of controls defines placing an ACL on a file folder?

Options:

A.

Technical control

B.

Confidentiality control

C.

Managerial control

D.

Operational control

Buy Now
Questions 79

During the security assessment of a new application, a tester attempts to log in to the application but receives the following message incorrect password for given username. Which of the following can the tester recommend to decrease the likelihood that a malicious attacker will receive helpful information?

Options:

A.

Set the web page to redirect to an application support page when a bad password is entered.

B.

Disable error messaging for authentication

C.

Recognize that error messaging does not provide confirmation of the correct element of authentication

D.

Avoid using password-based authentication for the application

Buy Now
Questions 80

A security analyst is reviewing the following server statistics:

Which of the following Is MOST likely occurring?

Options:

A.

Race condition

B.

Privilege escalation

C.

Resource exhaustion

D.

VM escape

Buy Now
Questions 81

A threat feed disclosed a list of files to be used as an loC for a zero-day vulnerability. A cybersecurity analyst decided to include a custom lookup for these files on the endpoint's log-in script as a mechanism to:

Options:

A.

automate malware signature creation.

B.

close the threat intelligence cycle loop.

C.

generate a STIX object for the TAXII server

D.

improve existing detection capabilities.

Buy Now
Questions 82

A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop.

Which of the following processes will the security analyst Identify as the MOST likely indicator of system compromise given the processes running in Task Manager?

Options:

A.

Chrome.exe

B.

Word.exe

C.

Explorer.exe

D.

mstsc.exe

E.

taskmgr.exe

Buy Now
Questions 83

The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:

Which of the following should the organization consider investing in first due to the potential impact of availability?

Options:

A.

Hire a managed service provider to help with vulnerability management.

B.

Build a warm site in case of system outages.

C.

Invest in a failover and redundant system, as necessary.

D.

Hire additional staff for the IT department to assist with vulnerability management and log review.

Buy Now
Questions 84

As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?

Options:

A.

Critical asset list

B.

Threat vector

C.

Attack profile

D.

Hypothesis

Buy Now
Questions 85

A security analyst is reviewing the following DNS logs as part of security-monitoring activities:

FROM 192.168.1.20 A www.google.com 67.43.45.22

FROM 192.168.1.20 AAAA www.google.com 2006:67:AD:1FAB::102

FROM 192.168.1.43 A www.mail.com 193.56.221.99

FROM 192.168.1.2 A www.company.com 241.23.22.11

FROM 192.168.1.211 A www.uewiryfajfchfaerwfj.co 32.56.32.122

FROM 192.168.1.106 A www.whatsmyip.com 102.45.33.53

FROM 192.168.1.93 ARAA www.nbc.com 2002:10:976::1

FROM 192.168.1.78 A www.comptia.org 122.10.31.87

Which of the following most likely occurred?

Options:

A.

The attack used an algorithm to generate command and control information dynamically.

B.

The attack attempted to contact www.google.com to verify internet connectivity.

C.

The attack used encryption to obfuscate the payload and bypass detection by an IDS.

D.

The attack caused an internal host to connect to a command and control server.

Buy Now
Questions 86

An organization wants to implement controls for protecting private information at rest. Which of the following would meet the organization's need?

Options:

A.

Non-disclosure agreements

B.

Retention policies

C.

Data minimization

D.

Encryption

Buy Now
Questions 87

A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations Which of the following steps in the intelligence cycle is the security analyst performing?

Options:

A.

Analysis and production

B.

Processing and exploitation

C.

Dissemination and evaluation

D.

Data collection

E.

Planning and direction

Buy Now
Questions 88

During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity The analyst also notes there is no other alert in place for this traffic After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

Options:

A.

Share details of the security incident with the organization's human resources management team

B.

Note the security incident so other analysts are aware the traffic is malicious

C.

Communicate the security incident to the threat team for further review and analysis

D.

Report the security incident to a manager for inclusion in the daily report

Buy Now
Questions 89

An application developer needs help establishing a digital certificate for a new application. Which of the following illustrates a certificate management best practice?

Options:

A.

Ensure the certificate Is applied to the certificate revocation list.

B.

Ensure the certificate key algorithm is SHA-1 compliant.

C.

Ensure the certificate is requested from a trusted CA.

D.

Ensure the developer has self-signed the certificate.

E.

Ensure the certificate key is less than 1028 bits long.

Buy Now
Questions 90

A company's security team recently discovered a number of workstations that are at the end of life. The workstation vendor informs the team that the product is no longer supported and patches are no longer available The company is not prepared to cease its use of these workstations Which of the following would be the BEST method to protect these workstations from threats?

Options:

A.

Deploy whitelisting to the identified workstations to limit the attack surface

B.

Determine the system process centrality and document it

C.

Isolate the workstations and air gap them when it is feasible

D.

Increase security monitoring on the workstations

Buy Now
Questions 91

A security analyst performs a weekly vulnerability scan on a network that has 240 devices and receives a report with 2.450 pages. Which of the following would most likely decrease the number of false positives?

Options:

A.

Manual validation

B.

Penetration testing

C.

A known-environment assessment

D.

Credentialed scanning

Buy Now
Questions 92

An organizational policy requires one person to input accounts payable and another to do accounts receivable. A separate control requires one person to write a check and another person to sign all checks greater than $5,000 and to get an additional signature for checks greater than $10,000. Which of the following controls has the organization implemented?

Options:

A.

Segregation of duties

B.

Job rotation

C.

Non-repudiaton

D.

Dual control

Buy Now
Questions 93

Which of the following is the BEST way to gather patch information on a specific server?

Options:

A.

Event Viewer

B.

Custom script

C.

SCAP software

D.

CI/CD

Buy Now
Questions 94

Company A is m the process of merging with Company B As part of the merger, connectivity between the ERP systems must be established so portent financial information can be shared between the two entitles. Which of the following will establish a more automated approach to secure data transfers between the two entities?

Options:

A.

Set up an FTP server that both companies can access and export the required financial data to a folder.

B.

Set up a VPN between Company A and Company B. granting access only lo the ERPs within the connection

C.

Set up a PKI between Company A and Company B and Intermediate shared certificates between the two entities

D.

Create static NATs on each entity's firewalls that map lo the ERP systems and use native ERP authentication to allow access.

Buy Now
Questions 95

A consultant evaluating multiple threat intelligence leads to assess potential risks for a client. Which of the following is the BEST approach for the consultant to consider when modeling the client's attack surface?

Options:

A.

Ask for external scans from industry peers, look at the open ports, and compare Information with the client.

B.

Discuss potential tools the client can purchase lo reduce the livelihood of an attack.

C.

Look at attacks against similar industry peers and assess the probability of the same attacks happening.

D.

Meet with the senior management team to determine if funding is available for recommended solutions.

Buy Now
Questions 96

A manufacturing company has joined the information sharing and analysis center for its sector. As a benefit, the company will receive structured loC data contributed by other members. Which of the following best describes the utility of this data?

Options:

A.

Other members will have visibility into Instances o' positive loC identification within me manufacturing company's corporate network.

B.

The manufacturing company will have access to relevant malware samples from all other manufacturing sector members.

C.

Other members will automatically adjust their security postures lo defend the manufacturing company's processes.

D.

The manufacturing company can automatically generate security configurations for all of Its Infrastructure.

Buy Now
Questions 97

A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is compatia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?

Options:

A.

Add TXT @ "v=spfl mx include:_spf.comptia. org -all" to the DNS record.

B.

Add : XT @ "v=spfl mx include:_sp£.comptia.org -all" to the email server.

C.

Add TXT @ "v=spfl mx include:_sp£.comptia.org +all" to the domain controller.

D.

AddTXT @ "v=apfl mx lnclude:_spf .comptia.org +a 11" to the web server.

Buy Now
Questions 98

An organization has specific technical nsk mitigation configurations that must be implemented before a new server can be approved for production Several critical servers were recently deployed with the antivirus missing unnecessary ports disabled and insufficient password complexity Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

Options:

A.

Perform password-cracking attempts on all devices going into production

B.

Perform an Nmap scan on all devices before they are released to production

C.

Perform antivirus scans on all devices before they are approved for production

D.

Perform automated security controls testing of expected configurations pnor to production

Buy Now
Questions 99

While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certAcate authority that is only used to sign intermediate certificates. Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Select TWO)

Options:

A.

On a private VLAN

B.

Full disk encrypted

C.

Powered off

D.

Backed up hourly

E.

VPN accessible only

F.

Air gapped

Buy Now
Questions 100

Which of following allows Secure Boot to be enabled?

Options:

A.

eFuse

B.

UEFI

C.

MSM

D.

PAM

Buy Now
Questions 101

A security analyst is reviewing the output of tcpdump to analyze the type of activity on a packet capture:

Which of the following generated the above output?

Options:

A.

A port scan

B.

A TLS connection

C.

A vulnerability scan

D.

A ping sweep

Buy Now
Questions 102

To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

Options:

A.

SCAP

B.

SAST

C.

DAST

D.

DACS

Buy Now
Questions 103

A company's threat team has been reviewing recent security incidents and looking for a common theme. The team discovered the incidents were caused by incorrect configurations on the impacted systems. The issues were reported to support teams, but no action was taken. Which of the following is the next step the company should take to ensure any future issues are remediated?

Options:

A.

Require support teams to develop a corrective control that ensures security failures are addressed once they are identified.

B.

Require support teams to develop a preventive control that ensures new systems are built with the required security configurations.

C.

Require support teams to develop a detective control that ensures they continuously assess systems for configuration errors.

D.

Require support teams to develop a managerial control that ensures systems have a documented configuration baseline.

Buy Now
Questions 104

An organization wants to implement a privileged access management solution to belter manage the use of emergency and privileged service accounts Which of the following would BEST satisfy the organization's goal?

Options:

A.

Access control lists

B.

Discretionary access controls

C.

Policy-based access controls

D.

Credential vaulting

Buy Now
Questions 105

Which of the following is the primary reason financial institutions may share up-to-date threat intelligence information on a secure feed that is

dedicated to their sector?

Options:

A.

To augment information about common malicious actors and indicators of compromise

B.

To prevent malicious actors from knowing they can defend against malicious attacks

C.

To keep other industries from accessing information meant for financial institutions

D.

To focus on attacks specifically targeted at their customers’ mobile applications

Buy Now
Questions 106

During an audit several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products Which of the following would be the BEST way to locate this issue?

Options:

A.

Reduce the session timeout threshold

B.

Deploy MFA for access to the web server

C.

Implement input validation

D.

Run a static code scan

Buy Now
Questions 107

Due to a rise m cyberattackers seeking PHI, a healthcare company that collects highly sensitive data from millions of customers is deploying a solution that will ensure the customers' data is protected by the organization internally and externally Which of the following countermeasures can BEST prevent the loss of customers' sensitive data?

Options:

A.

Implement privileged access management

B.

Implement a risk management process

C.

Implement multifactor authentication

D.

Add more security resources to the environment

Buy Now
Questions 108

A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow;

Which of the following controls must be in place to prevent this vulnerability?

Options:

A.

Convert all integer numbers in strings to handle the memory buffer correctly.

B.

Implement float numbers instead of integers to prevent integer overflows.

C.

Use built-in functions from libraries to check and handle long numbers properly.

D.

Sanitize user inputs, avoiding small numbers that cannot be handled in the memory.

Buy Now
Questions 109

A small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control?

Options:

A.

Deterrent

B.

Preventive

C.

Compensating

D.

Detective

Buy Now
Questions 110

A security analyst discovers suspicious activity going to a high-value corporate asset. After reviewing the traffic, the security analyst identifies that

malware was successfully installed on a machine. Which of the following should be completed first?

Options:

A.

Create an IDS signature of the malware file.

B.

Create an IPS signature of the malware file.

C.

Remove the malware from the host.

D.

Contact the systems administrator.

Buy Now
Questions 111

The following output is from a tcpdump al the edge of the corporate network:

Which of the following best describes the potential security concern?

Options:

A.

Payload lengths may be used to overflow buffers enabling code execution.

B.

Encapsulated traffic may evade security monitoring and defenses

C.

This traffic exhibits a reconnaissance technique to create network footprints.

D.

The content of the traffic payload may permit VLAN hopping.

Buy Now
Exam Code: CS0-002
Exam Name: CompTIA CySA+ Certification Exam (CS0-002)
Last Update: Jan 5, 2025
Questions: 372
$57.75  $164.99
$43.75  $124.99
$36.75  $104.99
buy now CS0-002