
CS0-002 Exam Dumps - CompTIA CySA+ Certification Exam (CS0-002)

Question # 4

Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client’s company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise. Which of the following techniques were used in this scenario?

A.

Enumeration and OS fingerprinting

B.

Email harvesting and host scanning

C.

Social media profiling and phishing

D.

Network and host scanning

Question # 5

An organization is upgrading its network and all of its workstations. The project will occur in phases, with infrastructure upgrades each month and workstation installs every other week. The schedule should accommodate the enterprise-wide changes while minimizing the impact to the network. Which of the following schedules BEST addresses these requirements?

A.

Monthly topology scans, biweekly host discovery scans, weekly vulnerability scans

B.

Monthly vulnerability scans, biweekly topology scans, daily host discovery scans

C.

Monthly host discovery scans; biweekly vulnerability scans, monthly topology scans

D.

Monthly topology scans, biweekly host discovery scans, monthly vulnerability scans

Question # 6

A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the MOST appropriate product category for this purpose?

A.

SOAR

B.

WAF

C.

SCAP

D.

UEBA

Question # 7

A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch.

Which of the following is the MOST appropriate threat classification for these incidents?

A.

Known threat

B.

Zero day

C.

Unknown threat

D.

Advanced persistent threat

Question # 8

The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:

A.

web servers on private networks.

B.

HVAC control systems

C.

smartphones

D.

firewalls and UTM devices

Question # 9

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.

Which of the following is a security concern when using a PaaS solution?

A.

The use of infrastructure-as-code capabilities leads to an increased attack surface.

B.

Patching the underlying application server becomes the responsibility of the client.

C.

The application is unable to use encryption at the database level.

D.

Insecure application programming interfaces can lead to data compromise.

Question # 10

An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization. The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message. In addition to retraining the employee, which of the following would prevent this from happening in the future?

A.

Implement outgoing filter rules to quarantine messages that contain card data

B.

Configure the outgoing mail filter to allow attachments only to addresses on the whitelist

C.

Remove all external recipients from the employee's address book

D.

Set the outgoing mail filter to strip spreadsheet attachments from all messages.

Question # 11

Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the BEST solution to improve the equipment's security posture?

A.

Move the legacy systems behind a WAF

B.

Implement an air gap for the legacy systems.

C.

Implement a VPN between the legacy systems and the local network.

D.

Place the legacy systems in the DMZ

Question # 12

A company's security officer needs to implement geographical IP blocks for nation-state actors from a foreign country. On which of the following should the blocks be implemented?

A.

Web content filter

B.

Access control list

C.

Network access control

D.

Data loss prevention

Question # 13

An organization that uses SPF has been notified that emails sent via its authorized third-party partner are getting rejected. A security analyst reviews the DNS entry and sees the following:

v=spf1 ip4:180.10.6.5 ip4: 180.10.6.10 include: robusmail.com -all

The organization's primary mail server IP is 180.10.6.6, and the secondary mail server IP is 180.10.6.5. The organization's third-party mail provider is "Robust Mail" with the domain name robustmail.com.

Which of the following is the MOST likely reason for the rejected emails?

A.

The wrong domain name is in the SPF record.

B.

The primary and secondary email server IP addresses are out of sequence.

C.

SPF version 1 does not support third-party providers

D.

An incorrect IP version is being used.

Question # 14

An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?

A.

Root-cause analysis

B.

Active response

C.

Advanced antivirus

D.

Information-sharing community

E.

Threat hunting

Question # 15

An organisation is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:

Which of the following is the order of priority for risk mitigation from highest to lowest?

A.

A, B, C, D

B.

A, D, B, C

C.

B, C, A, D

D.

C, B, D, A

E.

D, A, C, B

Question # 16

A cybersecurity analyst is establishing a threat hunting and intelligence group at a growing organization. Which of the following is a collaborative resource that would MOST likely be used for this purpose?

A.

Scrum

B.

IoC feeds

C.

ISAC

D.

CVSS scores

Question # 17

A company recently experienced multiple DNS DDoS attacks, and the information security analyst must provide a DDoS solution to deploy in the company's datacenter. Which of the following would BEST prevent future attacks?

A.

Configure a sinkhole on the router.

B.

Buy a UTM to block the number of requests.

C.

Route the queries on the DNS server to 127.0.0.1.

D.

Call the Internet service provider to block the attack.

Question # 18

Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:

POST /services/v1_0/Public/Members.svc/soap

192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22

POST /services/v1_0/Public/Members.svc/soap somebody@companyname.com 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89

POST /services/v1_0/Public/Members.svc/soap http://schemas.xmlsoap.org/soap/envelope/ "> 516.7.446.605 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22

POST /services/v1_0/Public/Members.svc/soap http://schemas.xmlsoap.org/soap/envelope/ "> kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd0161222 4''1=113026046 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89

Which of the following MOST likely explains how the clients' accounts were compromised?

A.

The clients' authentication tokens were impersonated and replayed.

B.

The clients' usernames and passwords were transmitted in cleartext.

C.

An XSS scripting attack was carried out on the server.

D.

A SQL injection attack was carried out on the server.

Question # 19

An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows:

• Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target.

• The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services.

• The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application.

As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?

A.

Improving detection capabilities

B.

Bundling critical assets

C.

Profiling threat actors and activities

D.

Reducing the attack surface area

Question # 20

A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation. Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?

A.

Reverse engineering

B.

Dynamic analysis

C.

Strings extraction

D.

Static analysis

Question # 21

An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel’s familiarity with incident response procedures?

A.

A simulated breach scenario involving the incident response team

B.

Completion of annual information security awareness training by all employees

C.

Tabletop activities involving business continuity team members

D.

Completion of lessons-learned documentation by the computer security incident response team

E.

External and internal penetration testing by a third party

Question # 22

Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?

A.

Configuring a firewall to block traffic on ports that use ActiveX controls

B.

Adjusting the web-browser settings to block ActiveX controls

C.

Installing network-based IPS to block malicious ActiveX code

D.

Deploying HIPS to block malicious ActiveX code

Question # 23

A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.

Which of the following should be used to identify the traffic?

A.

Carving

B.

Disk imaging

C.

Packet analysis

D.

Memory dump

E.

Hashing

Question # 24

A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review.

Which of the following commands would MOST likely indicate if the email is malicious?

A.

sha256sum ~/Desktop/file.pdf

B.

file ~/Desktop/file.pdf

C.

strings ~/Desktop/file.pdf | grep "

D.

cat < ~/Desktop/file.pdf | grep -i .exe

Question # 25

The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization’s email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?

A.

Post on the company blog

B.

Corporate-hosted encrypted email

C.

VoIP phone call

D.

Summary sent by certified mail

E.

Externally hosted instant message

Question # 26

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis.

Which of the following should the analyst do NEXT?

A.

Decompile each binary to derive the source code.

B.

Perform a factory reset on the affected mobile device.

C.

Compute SHA-256 hashes for each binary.

D.

Encrypt the binaries using an authenticated AES-256 mode of operation.

E.

Inspect the permissions manifests within each application.

Question # 27

A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached.

Which of the following risk actions has the security committee taken?

A.

Risk exception

B.

Risk avoidance

C.

Risk tolerance

D.

Risk acceptance

Question # 28

A company recently experienced a break-in whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this type of theft from occurring in the future?

A.

Motion detection

B.

Perimeter fencing

C.

Monitored security cameras

D.

Badged entry

Question # 29

A security team wants to make SaaS solutions accessible from only the corporate campus.

Which of the following would BEST accomplish this goal?

A.

Geofencing

B.

IP restrictions

C.

Reverse proxy

D.

Single sign-on

Question # 30

A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment. Conditionally, other processes will need to be created based on input from prior processes.

Which of the following is the BEST method for accomplishing this task?

A.

Machine learning and process monitoring

B.

API integration and data enrichment

C.

Workflow orchestration and scripting

D.

Continuous integration and configuration management

Question # 31

A security team identified some specific known tactics and techniques to help mitigate repeated credential access threats, such as account manipulation and brute forcing. Which of the following frameworks or models did the security team MOST likely use to identify the tactics and techniques?

A.

Kill chain

B.

Diamond Model of Intrusion Analysis

C.

MITRE ATT&CK

D.

ITIL

Question # 32

Portions of a legacy application are being refactored to discontinue the use of dynamic SQL. Which of the following would be BEST to implement in the legacy application?

A.

Multifactor authentication

B.

Web-application firewall

C.

SQL injection

D.

Parameterized queries

E.

Input validation

Question # 33

A security analyst is investigating an incident that appears to have started with SQL injection against a publicly available web application. Which of the following is the FIRST step the analyst should take to prevent future attacks?

A.

Modify the IDS rules to have a signature for SQL injection.

B.

Take the server offline to prevent continued SQL injection attacks.

C.

Create a WAF rule in block mode for SQL injection.

D.

Ask the developers to implement parameterized SQL queries.

Question # 34

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an appropriate course of action?

A.

Use a DLP product to monitor the data sets for unauthorized edits and changes.

B.

Use encryption first and then hash the data at regular, defined times.

C.

Automate the use of a hashing algorithm after verified users make changes to their data

D.

Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.

Question # 35

A security analyst is researching an incident and uncovers several details that may link to other incidents. The security analyst wants to determine if other incidents are related to the current incident. Which of the following threat research methodologies would be MOST appropriate for the analyst to use?

A.

Reputation data

B.

CVSS score

C.

Risk assessment

D.

Behavioral analysis

Question # 36

A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach.

Which of the following is the BEST mitigation to prevent unauthorized access?

A.

Single sign-on

B.

Mandatory access control

C.

Multifactor authentication

D.

Federation

E.

Privileged access management

Question # 37

A user reports the system is behaving oddly following the installation of an approved third-party software application. The application executable was sourced from an internal repository. Which of the following will ensure the application is valid?

A.

Ask the user to refresh the existing definition file for the antivirus software

B.

Perform a malware scan on the file in the internal repository

C.

Hash the application's installation file and compare it to the hash provided by the vendor

D.

Remove the user's system from the network to avoid collateral contamination

Question # 38

A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Big Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

A.

$75,000

B.

$300,000

C.

$1.425 million

D.

$1.5 million

Question # 39

While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security.

To provide the MOST secure access model in this scenario, the jumpbox should be:

A.

placed in an isolated network segment, authenticated on the IT side, and forwarded into the ICS network.

B.

placed on the ICS network with a static firewall rule that allows IT network resources to authenticate.

C.

bridged between the IT and operational technology networks to allow authenticated access.

D.

placed on the IT side of the network, authenticated, and tunneled into the ICS environment.

Question # 40

A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

A.

The To address is invalid.

B.

The email originated from the www.spamfilter.org URL.

C.

The IP address and the remote server name are the same.

D.

The IP address was blacklisted.

E.

The From address is invalid.

Question # 41

Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having plenty of space recently. Ann claims she has not downloaded anything. The security team obtains the laptop and begins to investigate, noting the following:

  • File access auditing is turned off.
  • When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling up the available drive space.
  • All processes running appear to be legitimate processes for this user and machine.
  • Network traffic spikes when the space is cleared on the laptop.
  • No browser is open.

Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

A.

Delete the temporary files, run an Nmap scan, and utilize Burp Suite.

B.

Disable the network connection, check Sysinternals Process Explorer, and review netstat output.

C.

Perform a hard power down of the laptop, take a dd image, and analyze with FTK.

D.

Review logins to the laptop, search Windows Event Viewer, and review Wireshark captures.

Question # 42

A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:

A.

firewall behind the VPN server

B.

VPN server parallel to the firewall

C.

VPN server behind the firewall

D.

VPN on the firewall

Question # 43

Which of the following technologies can be used to house the entropy keys for task encryption on desktops and laptops?

A.

Self-encrypting drive

B.

Bus encryption

C.

TPM

D.

HSM

Question # 44

A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.

Which of the following BEST describes this attack?

A.

Injection attack

B.

Memory corruption

C.

Denial of service

D.

Array attack
