
CS0-002 Practice Exam Questions and Answers

CompTIA CySA+ Certification Exam (CS0-002)

Last Update 5 days ago
Total Questions : 372

Question # 1

A security analyst needs to provide the development team with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to servers in all three tiers in order to perform various configuration tasks. Which of the following technologies should the analyst implement to provide secure transport?

Options:

A. CASB
B. VPC
C. Federation
D. VPN

Question # 2

A company recently experienced a breach of sensitive information that affects customers across multiple geographical regions. Which of the following roles would be BEST suited to determine the breach notification requirements?

Options:

A. Legal counsel
B. Chief Security Officer
C. Human resources
D. Law enforcement

Question # 3

An analyst is performing a BIA and needs to consider measures and metrics. Which of the following would help the analyst achieve this objective? (Select two).

Options:

A. Time to reimage the server
B. Minimum data backup volume
C. Disaster recovery plan for non-critical services
D. Maximum downtime before impact is unacceptable
E. Time required to inform stakeholders about outage
F. Total time accepted for business process outage

Question # 4

An analyst is reviewing registry keys for signs of possible compromise. The analyst observes the following entries:

[Exhibit image not reproduced]

Which of the following entries should the analyst investigate first?

Options:

A. IAStorIcon
B. Quickset
C. SecurityHeaIth
D. calc
E. Word

Question # 5

A security analyst is evaluating the following support ticket:

Issue: Marketing campaigns are being filtered by the customer's email servers.

Description: Our marketing partner cannot send emails using our email address. The following log messages were collected from multiple customers:

• The SPF result is PermError.
• The SPF result is SoftFail or Fail.
• The 550 SPF check failed.

Which of the following should the analyst do next?

Options:

A. Ask the marketing partner's ISP to disable the DKIM setting.
B. Request approval to disable DMARC on the company's ISP.
C. Ask the customers to disable SPF validation.
D. Request a configuration change on the company's public DNS.

Question # 6

A security analyst needs to automate the incident response process for malware infections. When the following logs are generated, an alert email should automatically be sent within 30 minutes:

[Exhibit image not reproduced]

Which of the following is the best way for the analyst to automate alert generation?

Options:

A. Deploy a signature-based IDS
B. Install a UEBA-capable antivirus
C. Implement email protection with SPF
D. Create a custom rule on a SIEM

Question # 7

A security analyst scans the company's external IP range and receives the following results from one of the hosts:

[Exhibit image not reproduced]

Which of the following best represents the security concern?

Options:

A. A remote communications port is exposed.
B. The FTP port should be using TCP only.
C. Microsoft RDP is accepting connections on TCP.
D. The company's DNS server is exposed to everyone.

Question # 8

A software developer is correcting the error-handling capabilities of an application following the initial coding of the fix. Which of the following would the software developer MOST likely perform to validate the code prior to pushing it to production?

Options:

A. Web-application vulnerability scan
B. Static analysis
C. Packet inspection
D. Penetration test

Question # 9

Which of the following can detect vulnerable third-party libraries before code deployment?

Options:

A. Impact analysis
B. Dynamic analysis
C. Static analysis
D. Protocol analysis

Question # 10

A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests. Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

Options:

A. Implement a secure supply chain program with governance.
B. Implement blacklisting for IP addresses from outside the country.
C. Implement strong authentication controls for all contractors.
D. Implement user behavior analytics for key staff members.

Question # 11

A security administrator needs to provide access from partners to an isolated laboratory network inside an organization that meets the following requirements:

• The partners' PCs must not connect directly to the laboratory network.
• The tools the partners need to access while on the laboratory network must be available to all partners.
• The partners must be able to run analyses on the laboratory network, which may take hours to complete.

Which of the following capabilities will MOST likely meet the security objectives of the request?

Options:

A. Deployment of a jump box to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis
B. Deployment of a firewall to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis
C. Deployment of a firewall to allow access to the laboratory network and use of VDI in persistent mode to provide the necessary tools for analysis
D. Deployment of a jump box to allow access to the laboratory network and use of VDI in non-persistent mode to provide the necessary tools for analysis

Question # 12

An email analysis system notifies a security analyst that the following message was quarantined and requires further review.

[Exhibit image not reproduced]

Which of the following actions should the security analyst take?

Options:

A. Release the email for delivery due to its importance.
B. Immediately contact a purchasing agent to expedite.
C. Delete the email and block the sender.
D. Purchase the gift cards and submit an expense report.

Question # 13

A product security analyst has been assigned to evaluate and validate a new product's security capabilities. Part of the evaluation involves reviewing design changes at specific intervals for security deficiencies, recommending changes, and checking for changes at the next checkpoint. Which of the following BEST defines the activity being conducted?

Options:

A. User acceptance testing
B. Stress testing
C. Code review
D. Security regression testing

Question # 14

During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the best way to locate this issue?

Options:

A. Reduce the session timeout threshold.
B. Deploy MFA for access to the web server.
C. Implement input validation.
D. Run a dynamic code analysis.

Question # 15

An analyst is reviewing the output from some recent network enumeration activities. The following entry relates to a target on the network:

[Exhibit image not reproduced]

Based on the above output, which of the following tools or techniques is MOST likely being used?

Options:

A. Web application firewall
B. Port triggering
C. Intrusion prevention system
D. Port isolation
E. Port address translation

Question # 16

A company has detected a large number of failed login attempts on its network. A security analyst is investigating the network's activity logs to establish a pattern of behavior. Which of the following techniques should the analyst use to analyze the increase in failed login attempts?

Options:

A. Evidence visualization
B. Pattern matching
C. Event correlation
D. Network sniffing

Question # 17

When investigating a report of a system compromise, a security analyst views the following /var/log/secure log file:

[Exhibit image not reproduced]

Which of the following can the analyst conclude from viewing the log file?

Options:

A. The comptia user knows the sudo password.
B. The comptia user executed the sudo su command.
C. The comptia user knows the root password.
D. The comptia user added himself or herself to the /etc/sudoers file.

Question # 18

A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?

Options:

A. The extended support mitigates any risk associated with the software.
B. The extended support contract changes this vulnerability finding to a false positive.
C. The company is transferring the risk for the vulnerability to the software vendor.
D. The company is accepting the inherent risk of the vulnerability.

Question # 19

An analyst needs to provide recommendations based on a recent vulnerability scan:

[Exhibit image not reproduced]

Which of the following should the analyst recommend addressing to ensure potential vulnerabilities are identified?

Options:

A. SMB use domain SID to enumerate users
B. SYN scanner
C. SSL certificate cannot be trusted
D. Scan not performed with admin privileges

Question # 20

An organization announces that all employees will need to work remotely for an extended period of time. All employees will be provided with a laptop and supported hardware to facilitate this requirement. The organization asks the information security division to reduce the risk during this time. Which of the following is a technical control that will reduce the risk of data loss if a laptop is lost or stolen?

Options:

A. Requiring the use of the corporate VPN
B. Requiring the screen to be locked after five minutes of inactivity
C. Requiring the laptop to be locked in a cabinet when not in use
D. Requiring full disk encryption

Question # 21

A manager asks a security analyst to provide the web-browsing history of an employee. Which of the following should the analyst do first?

Options:

A. Obtain permission to perform the search.
B. Obtain the web-browsing history from the proxy.
C. Obtain the employee's network ID to form the query.
D. Download the browsing history, encrypt it, and hash it.

Question # 22

Which of the following is the BEST option to protect a web application against CSRF attacks?

Options:

A. Update the web application to the latest version.
B. Set a server-side rate limit for CSRF token generation.
C. Avoid the transmission of CSRF tokens using cookies.
D. Configure the web application to only use HTTPS and TLS 1.3.

Question # 23

An analyst is responding to an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the field. Malware was loaded on the device via the installation of a third-party software package. The analyst has baselined the device. Which of the following should the analyst do to BEST mitigate future attacks?

Options:

A. Implement MDM
B. Update the malware catalog
C. Patch the mobile device's OS
D. Block third-party applications

Question # 24

A development team has asked users to conduct testing to ensure an application meets the needs of the business. Which of the following types of testing does this describe?

Options:

A. Acceptance testing
B. Stress testing
C. Regression testing
D. Penetration testing

Question # 25

In SIEM software, a security analyst detected some changes to hash signatures from monitored files during the night, followed by SMB brute-force attacks against the file servers. Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise?

Options:

A. Fully segregate the affected servers physically in a network segment, apart from the production network.
B. Collect the network traffic during the day to understand if the same activity is also occurring during business hours.
C. Check the hash signatures, comparing them with malware databases to verify if the files are infected.
D. Collect all the files that have changed and compare them with the previous baseline.

Question # 26

A new variant of malware is spreading on the company network using TCP 443 to contact its command-and-control server. The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance. Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

Options:

A. Implement a sinkhole with a high entropy level
B. Disable TCP/53 at the perimeter firewall
C. Block TCP/443 at the edge router
D. Configure the DNS forwarders to use recursion

Question # 27

During a routine review of service restarts, a security analyst observes the following in a server log:

[Exhibit image not reproduced]

Which of the following is the GREATEST security concern?

Options:

A. The daemon's binary was changed
B. Four consecutive days of monitoring are skipped in the log
C. The process identifiers for the running service change
D. The PIDs are continuously changing

Question # 28

An analyst is reviewing email headers to determine if an email has been sent from a legitimate sender. The organization uses SPF to validate email origination. Which of the following most likely indicates an invalid originator?

Options:

A. Received-SPF: neutral
B. Received-SPF: none
C. Received-SPF: softfail
D. Received-SPF: error

Question # 29

A company wants to run a leaner team and needs to deploy a threat management system with minimal human interaction. Which of the following is the server component of the threat management system that can accomplish this goal?

Options:

A. STIX
B. OpenIOC
C. CVSS
D. TAXII

Question # 30

An analyst is responding to an incident within a cloud infrastructure. Based on the logs and traffic analysis, the analyst thinks a container has been compromised. Which of the following should the analyst do FIRST?

Options:

A. Perform threat hunting in other areas of the cloud infrastructure
B. Contact law enforcement to report the incident
C. Perform a root cause analysis on the container and the service logs
D. Isolate the container from production using a predefined policy template

Question # 31

Which of the following is the best method to ensure secure boot UEFI features are enabled to prevent boot malware?

Options:

A. Enable secure boot in the hardware and reload the operating system.
B. Reconfigure the system's MBR and enable NTFS.
C. Set UEFI to legacy mode and enable security features.
D. Convert the legacy partition table to UEFI and repair the operating system.

Question # 32

Which of the following best explains why it is important for companies to implement both privacy and security policies?

Options:

A. Private data is insecure by design, so different programs ensure both policies are addressed.
B. Security policies will automatically ensure the data complies with privacy regulations.
C. Privacy policies will satisfy all regulations to secure consumer and sensitive company data.
D. Both policies have some overlap, but the differences can have regulatory consequences.

Question # 33

An organization needs to secure sensitive data on its critical networks by implementing controls to mitigate APTs. The current policy does not provide any guidance or processes that support the mitigation of APTs. Which of the following technologies should the organization implement to secure sensitive data? (Select two).

Options:

A. WAF
B. VPN
C. VPC
D. IPS
E. SIEM
F. SSO

Question # 34

An application has been updated to fix a vulnerability. Which of the following would ensure that previously patched vulnerabilities have not been reintroduced?

Options:

A. Stress testing
B. Regression testing
C. Code review
D. Peer review

Question # 35

A new government regulation requires that organizations only retain the minimum amount of data on a person to perform the organization's necessary activities. Which of the following techniques would help an organization comply with this new regulation?

Options:

A. Storing the highest-risk data in a separate and secured environment
B. Limiting access to data on a need-to-know basis
C. Deidentifying a data subject throughout the organization's applications
D. Having a privacy expert peer review source code before deployment

Question # 36

A security analyst needs to recommend a solution that will allow users at a company to access cloud-based SaaS services but also prevent them from uploading and exfiltrating data. Which of the following solutions should the security analyst recommend?

Options:

A. CASB
B. MFA
C. VPN
D. VPS
E. DLP

Question # 37

A forensic examiner is investigating possible malware compromise on an active endpoint device. Which of the following steps should the examiner perform first?

Options:

A. Verify the hash value of the image with the value of the copy.
B. Use a write blocker to create an image of the hard drive.
C. Create a memory dump from RAM.
D. Download and apply the latest AV signature.
E. Reimage the hard drive and apply the latest updates.

Question # 38

A cybersecurity analyst is researching operational data to develop a script that will detect the presence of a threat on corporate assets. Which of the following contains the most useful information to produce this script?

Options:

A. API documentation
B. Protocol analysis captures
C. MITRE ATT&CK reports
D. OpenIOC files

Question # 39

Which of the following techniques can be implemented to safeguard the confidentiality of sensitive information while allowing limited access to authorized individuals?

Options:

A. Deidentification
B. Hashing
C. Masking
D. Salting

Question # 40

A security analyst discovers suspicious activity going to a high-value corporate asset. After reviewing the traffic, the security analyst identifies that malware was successfully installed on a machine. Which of the following should be completed first?

Options:

A. Create an IDS signature of the malware file.
B. Create an IPS signature of the malware file.
C. Remove the malware from the host.
D. Contact the systems administrator.

Question # 41

A security analyst is logged on to a jump server to audit the system configuration and status. The organization's policies for access to and configuration of the jump server include the following:

• No network access is allowed to the internet.
• SSH is only for management of the server.
• Users must utilize their own accounts, with no direct login as an administrator.
• Unnecessary services must be disabled.

The analyst runs netstat with elevated permissions and receives the following output:

[Exhibit image not reproduced]

Which of the following policies does the server violate?

Options:

A. Unnecessary services must be disabled.
B. SSH is only for management of the server.
C. No network access is allowed to the internet.
D. Users must utilize their own accounts, with no direct login as an administrator.

Question # 42

A security analyst is deploying a new application in the environment. The application needs to be integrated with several existing applications that contain SPI. Prior to the deployment, the analyst should conduct:

Options:

A. a tabletop exercise.
B. a business impact analysis.
C. a PCI assessment.
D. an application stress test.

Question # 43

An organization wants to implement controls for protecting private information at rest. Which of the following would meet the organization's need?

Options:

A. Non-disclosure agreements
B. Retention policies
C. Data minimization
D. Encryption

Question # 44

During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?

Options:

A. Share details of the security incident with the organization's human resources management team
B. Note the security incident so other analysts are aware the traffic is malicious
C. Communicate the security incident to the threat team for further review and analysis
D. Report the security incident to a manager for inclusion in the daily report

Question # 45

An organization is performing a risk assessment to prioritize resources for mitigation and remediation based on impact. Which of the following metrics, in addition to the CVSS for each CVE, would best enable the organization to prioritize its efforts?

Options:

A. OS type
B. OS or application versions
C. Patch availability
D. System architecture
E. Mission criticality

Question # 46

Which of the following is the most important reason to involve the human resources department in incident response?

Options:

A. To better inform recruiters during hiring so they can include incident response interview questions
B. To ensure the incident response process captures evidence needed in case of disciplinary actions
C. To validate that the incident response process meets the organization's best practices
D. To prevent incident responders from interacting directly with any users

Question # 47

An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased. Which of the following attack vectors is the vulnerability MOST likely targeting?

Options:

A. SCADA
B. CAN bus
C. Modbus
D. IoT

Question # 48

Which of the following BEST describes how logging and monitoring work when entering into a public cloud relationship with a service provider?

Options:

A. Logging and monitoring are not needed in a public cloud environment
B. Logging and monitoring are done by the data owners
C. Logging and monitoring duties are specified in the SLA and contract
D. Logging and monitoring are done by the service provider

Question # 49

A company uses an FTP server to support its critical business functions. The FTP server is configured as follows:

• The FTP service is running with the data directory configured in /opt/ftp/data.
• The FTP server hosts employees' home directories in /home.
• Employees may store sensitive information in their home directories.

An IoC revealed that an FTP directory traversal attack resulted in sensitive data loss. Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

Options:

A. Implement file-level encryption of sensitive files
B. Reconfigure the FTP server to support FTPS
C. Run the FTP server in a chroot environment
D. Upgrade the FTP server to the latest version

Question # 50

A new prototype for a company's flagship product was leaked on the internet. As a result, the management team has locked out all USB drives. Optical drive writers are not present on company computers. The sales team has been granted an exception to share sales presentation files with third parties. Which of the following would allow the IT team to determine which devices are USB enabled?

Options:

A. Asset tagging
B. Device encryption
C. Data loss prevention
D. SIEM logs

Question # 51

A cybersecurity analyst inspects DNS logs on a regular basis to identify possible IOCs that are not triggered by known signatures. The analyst reviews the following log snippet:

[Exhibit image not reproduced]

Which of the following should the analyst do next based on the information reviewed?

Options:

A. The analyst should disable DNS recursion.
B. The analyst should block requests to no-thanks.invalid.
C. The analyst should disconnect host 192.168.1.67.
D. The analyst should sinkhole 102.100.20.20.
E. The analyst should disallow queries to the 8.8.8.8 resolver.

Question # 52

During the onboarding process for a new vendor, a security analyst obtains a copy of the vendor's latest penetration test summary:

[Exhibit image not reproduced]

Performed by: Vendor Red Team
Last performed: 14 days ago

Which of the following recommendations should the analyst make first?

Options:

A. Perform a more recent penetration test.
B. Continue vendor onboarding.
C. Disclose details regarding the findings.
D. Have a neutral third party perform a penetration test.

Question # 53

A company's application development has been outsourced to a third-party development team. Based on the SLA, the development team must follow industry best practices for secure coding. Which of the following is the BEST way to verify this agreement?

Options:

A. Input validation
B. Security regression testing
C. Application fuzzing
D. User acceptance testing
E. Stress testing

Question # 54

A security analyst is reviewing WAF alerts and sees the following request:

[Exhibit image not reproduced]

Which of the following BEST describes the attack?

Options:

A. SQL injection
B. LDAP injection
C. Command injection
D. Denial of service

Question # 55

A security analyst responds to a series of events surrounding sporadic bandwidth consumption from an endpoint device. The security analyst then identifies the following additional details:

• Bursts of network utilization occur approximately every seven days.
• The content being transferred appears to be encrypted or obfuscated.
• A separate but persistent outbound TCP connection from the host to infrastructure in a third-party cloud is in place.
• The HDD utilization on the device grows by 10GB to 12GB over the course of every seven days.
• Single file sizes are 10GB.

Which of the following describes the most likely cause of the issue?

Options:

A. Memory consumption
B. Non-standard port usage
C. Data exfiltration
D. System update
E. Botnet participant

Question # 56

Which of the following factors would determine the regulations placed on data under data sovereignty laws?

Options:

A. What the company intends to do with the data it owns
B. The company's data security policy
C. The type of data the company stores
D. The data laws of the country in which the company is located

Question # 57

Which of the following is the most effective approach to minimize the occurrence of vulnerabilities introduced by unintentional misconfigurations in the cloud?

Options:

A. Requiring security training certification before granting access to staff
B. Migrating all resources to a private cloud deployment
C. Restricting changes to the deployment of validated IaC templates
D. Reducing IaaS deployments by fostering serverless architectures

Question # 58

The help desk is having difficulty keeping up with all onboarding and offboarding requests. Managers often submit requests for new users at the last minute, causing the help desk to scramble to create accounts across many different interconnected systems. Which of the following solutions would work BEST to assist the help desk with the onboarding and offboarding process while protecting the company's assets?

Options:

A. MFA
B. CASB
C. SSO
D. RBAC

Question # 59

Which of the following software assessment methods world peak times?

Options:

A. Security regression testing
B. Stress testing
C. Static analysis testing
D. Dynamic analysis testing
E. User acceptance testing

Question # 60

A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:

[Exhibit image not reproduced]

Which of the following is the MOST likely solution to the listed vulnerability?

Options:

A. Enable the browser's XSS filter.
B. Enable Windows XSS protection.
C. Enable the browser's protected pages mode.
D. Enable server-side XSS protection.

Question # 61

Which of the following BEST describes what an organization's incident response plan should cover regarding how the organization handles public or private disclosures of an incident?

Options:

A. The disclosure section should focus on how to reduce the likelihood customers will leave due to the incident.
B. The disclosure section should contain the organization's legal and regulatory requirements regarding disclosures.
C. The disclosure section should include the names and contact information of key employees who are needed for incident resolution.
D. The disclosure section should contain language explaining how the organization will reduce the likelihood of the incident from happening in the future.

Question # 62

An organization has the following risk mitigation policies:

• Risks without compensating controls will be mitigated first if the risk value is greater than $50,000.
• Other risk mitigation will be prioritized based on risk value.

The following risks have been identified:

[Exhibit image not reproduced]

Which of the following is the order of priority for risk mitigation from highest to lowest?

Options:

A. A, C, D, B
B. B, C, D, A
C. C, B, A, D
D. C, D, A, B
E. D, C, B, A

Question # 63

A cybersecurity analyst is concerned about attacks that use advanced evasion techniques. Which of the following would best mitigate such attacks?

Options:

A. Keeping IPS rules up to date
B. Installing a proxy server
C. Applying network segmentation
D. Updating the antivirus software

Question # 64

An analyst Is reviewing a web developer's workstation for potential compromise. While examining the workstation's hosts file, the analyst observes the following:

[Exhibit for Question # 64: hosts file contents (image not included)]

Which of the following hosts file entries should the analyst use for further investigation?

Options:

A.  

::1

B.  

127.0.0.1

C.  

192.168.3.249

D.  

198.51.100.5

Question # 65

Which of the following BEST explains the function of a managerial control?

Options:

A.  

To help design and implement the security planning, program development, and maintenance of the security life cycle

B.  

To guide the development of training, education, security awareness programs, and system maintenance

C.  

To create data classification, risk assessments, security control reviews, and contingency planning

D.  

To ensure tactical design, selection of technology to protect data, logical access reviews, and the implementation of audit trails

Question # 66

A company frequently experiences issues with credential stuffing attacks. Which of the following is the BEST control to help prevent these attacks from being successful?

Options:

A.  

SIEM

B.  

IDS

C.  

MFA

D.  

TLS

Question # 67

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user's data is not altered without the user's consent. Which of the following would be an appropriate course of action?

Options:

A.  

Automate the use of a hashing algorithm after verified users make changes to their data.

B.  

Use encryption first and then hash the data at regular, defined times.

C.  

Use a DLP product to monitor the data sets for unauthorized edits and changes.

D.  

Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.

Question # 68

An information security analyst is compiling data from a recent penetration test and reviews the following output:

[Exhibit for Question # 68: penetration test output (image not included)]

The analyst wants to obtain more information about the web-based services that are running on the target. Which of the following commands would most likely provide the needed information?

Options:

A.  

ping -t 10.79.95.173,rdns.datacenter.com

B.  

telnet 10.79.95.17.17 443

C.  

ftpd 10.79.95.173.rdns.datacenters.com 443

D.  

tracert 10.79.95.173

Question # 69

A Chief Information Security Officer has requested a security measure be put in place to redirect certain traffic on the network. Which of the following would best resolve this issue?

Options:

A.  

Sinkholing

B.  

Blocklisting

C.  

Geoblocking

D.  

Sandboxing

Question # 70

The steering committee for information security management annually reviews the security incident register for the organization to look for trends and systematic issues. The steering committee wants to rank the risks based on past incidents to improve the security program for next year. Below is the incident register for the organization:

[Exhibit for Question # 70: incident register (image not included)]

Which of the following should the organization consider investing in first due to the potential impact of availability?

Options:

A.  

Hire a managed service provider to help with vulnerability management.

B.  

Build a warm site in case of system outages.

C.  

Invest in a failover and redundant system, as necessary.

D.  

Hire additional staff for the IT department to assist with vulnerability management and log review.

Question # 71

An internally developed file-monitoring system identified the following excerpt as causing a program to crash often:

[Exhibit for Question # 71: code excerpt (image not included)]

Which of the following should a security analyst recommend to fix the issue?

Options:

A.  

Open the access.log file in read/write mode.

B.  

Replace the strcpy function.

C.  

Perform input sanitization

D.  

Increase the size of the file data buffer

Question # 72

As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering?

Options:

A.  

Update the whitelist.

B.  

Develop a malware signature.

C.  

Sinkhole the domains

D.  

Update the Blacklist

Question # 73

A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal. Which of the following is the BEST manner in which to dispose of the hardware appliance?

Options:

A.  

Ensure the hardware appliance has the ability to encrypt the data before disposing of it.

B.  

Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies.

C.  

Return the hardware appliance to the vendor, as the vendor is responsible for disposal.

D.  

Establish guidelines for the handling of sensitive information.

Question # 74

To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

Options:

A.  

SCAP

B.  

SAST

C.  

DAST

D.  

DACS

Question # 75

A company is building a new internal network. Instead of creating new credentials, the company wants to streamline each employee's authentication. Which of the following technologies would best fulfill this requirement?

Options:

A.  

VPN

B.  

SSO

C.  

SAML

D.  

MFA

Question # 76

During a risk assessment, a senior manager inquires about what the cost would be if a unique occurrence would impact the availability of a critical service. The service generates $1,000 in revenue for the organization. The impact of the attack would affect 20% of the server's capacity to perform jobs. The organization expects that five out of twenty attacks would succeed during the year. Which of the following is the calculated single loss expectancy?

Options:

A.  

$200

B.  

$800

C.  

$5,000

D.  

$20,000

Question # 77

A security analyst has received a report that servers are no longer able to connect to the network. After many hours of troubleshooting, the analyst determines a Group Policy Object is responsible for the network connectivity issues. Which of the following solutions should the security analyst recommend to prevent an interruption of service in the future?

Options:

A.  

CI/CD pipeline

B.  

Impact analysis and reporting

C.  

Appropriate network segmentation

D.  

Change management process

Question # 78

An organization completed an internal assessment of its policies and procedures. The audit team identified a deficiency in the policies and procedures for PII. Which of the following should be the first step to secure the organization's PII?

Options:

A.  

Complete PII training within the organization.

B.  

Contact all PII data owners within the organization.

C.  

Identify what type of PII is on the network.

D.  

Formalize current PII documentation.

Question # 79

An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:

[Exhibit for Question # 79: Nmap scan output (image not included)]

Which of the following ports should be closed?

Options:

A.  

22

B.  

80

C.  

443

D.  

1433

Question # 80

A financial organization has offices located globally. Per the organization's policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees the process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data. Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?

Options:

A.  

Implement a mobile device wiping solution for use if a device is lost or stolen.

B.  

Install a DLP solution to track data flow.

C.  

Install an encryption solution on all mobile devices.

D.  

Train employees to report a lost or stolen laptop to the security department immediately

Question # 81

Ensuring that all areas of security have the proper controls is a primary reason why organizations use:

Options:

A.  

frameworks.

B.  

directors and officers.

C.  

incident response plans.

D.  

engineering rigor.

Question # 82

A company's security team recently discovered a number of workstations that are at the end of life. The workstation vendor informs the team that the product is no longer supported and patches are no longer available. The company is not prepared to cease its use of these workstations. Which of the following would be the BEST method to protect these workstations from threats?

Options:

A.  

Deploy whitelisting to the identified workstations to limit the attack surface

B.  

Determine the system process centrality and document it

C.  

Isolate the workstations and air gap them when it is feasible

D.  

Increase security monitoring on the workstations

Question # 83

A company wants to configure the environment to allow passive network monitoring. To avoid disrupting the sensitive network, which of the following must be supported by the scanner's NIC to assist with the company's request?

Options:

A.  

Port bridging

B.  

Tunnel all mode

C.  

Full-duplex mode

D.  

Port mirroring

E.  

Promiscuous mode

Question # 84

An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?

Options:

A.  

Require all remote employees to sign an NDA

B.  

Enforce geofencing to limit data accessibility

C.  

Require users to change their passwords more frequently

D.  

Update the AUP to restrict data sharing

Question # 85

A security analyst is reviewing the network security monitoring logs listed below:

[Exhibit for Question # 85: network security monitoring logs (image not included)]

Which of the following is the analyst most likely observing? (Select two).

Options:

A.  

10.1.1.128 sent potential malicious traffic to the web server.

B.  

10.1.1.128 sent malicious requests, and the alert is a false positive

C.  

10.1.1.129 successfully exploited a vulnerability on the web server

D.  

10.1.1.129 sent potential malicious requests to the web server

E.  

10.1.1.129 can determine that port 443 is being used

F.  

10.1.1.130 can potentially obtain information about the PHP version

Question # 86

A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?

Options:

A.  

True positive

B.  

True negative

C.  

False positive

D.  

False negative

Question # 87

Which of the following are important reasons for performing proactive threat-hunting activities? (Select two).

Options:

A.  

To ensure all alerts are fully investigated

B.  

To test incident response capabilities

C.  

To uncover unknown threats

D.  

To allow alerting rules to be more specific

E.  

To create a new security baseline

F.  

To improve user awareness about security threats

Question # 88

A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?

Options:

A.  

Insert the hard drive on a test computer and boot the computer.

B.  

Record the serial numbers of both hard drives.

C.  

Compare the file-directory listing of both hard drives.

D.  

Run a hash against the source and the destination.

Question # 89

The majority of a company's employees have stated they are unable to perform their job duties due to outdated workstations, so the company has decided to institute BYOD. Which of the following would a security analyst MOST likely recommend for securing the proposed solution?

Options:

A.  

A Linux-based system and mandatory training on Linux for all BYOD users

B.  

A firewalled environment for client devices and a secure VDI for BYOD users

C.  

A standardized anti-malware platform and a unified operating system vendor

D.  

802.1X to enforce company policy on BYOD user hardware

Question # 90

A manufacturing company has joined the information sharing and analysis center for its sector. As a benefit, the company will receive structured IoC data contributed by other members. Which of the following best describes the utility of this data?

Options:

A.  

Other members will have visibility into instances of positive IoC identification within the manufacturing company's corporate network.

B.  

The manufacturing company will have access to relevant malware samples from all other manufacturing sector members.

C.  

Other members will automatically adjust their security postures to defend the manufacturing company's processes.

D.  

The manufacturing company can automatically generate security configurations for all of its infrastructure.

Question # 91

A security analyst is reviewing a firewall usage report that contains traffic generated over the last 30 minutes in order to locate unusual traffic patterns:

[Exhibit for Question # 91: firewall usage report (image not included)]

Which of the following source IP addresses does the analyst need to investigate further?

Options:

A.  

10.18.76.179

B.  

10.50.180.49

C.  

192.168.48.147

D.  

192.168.100.5

Question # 92

Forming a hypothesis, looking for indicators of compromise, and using the findings to proactively improve detection capabilities are examples of the value of:

Options:

A.  

vulnerability scanning.

B.  

threat hunting.

C.  

red teaming.

D.  

penetration testing.

Question # 93

During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following should the analyst use to extract human-readable content from the partition?

Options:

A.  

strings

B.  

head

C.  

fsstat

D.  

dd

Question # 94

Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?

Options:

A.  

Red-team analysis

B.  

Escalation process and procedures

C.  

Triage and analysis

D.  

Communications plan

Question # 95

A company wants to ensure confidential data from its storage media files is sanitized so the drives cannot be reused. Which of the following is the BEST approach?

Options:

A.  

Degaussing

B.  

Shredding

C.  

Formatting

D.  

Encrypting

Question # 96

Which of the following activities is designed to handle a control failure that leads to a breach?

Options:

A.  

Risk assessment

B.  

Incident management

C.  

Root cause analysis

D.  

Vulnerability management

Question # 97

A financial institution's business unit plans to deploy a new technology in a manner that violates existing information security standards. Which of the following actions should the Chief Information Security Officer (CISO) take to manage any type of violation?

Options:

A.  

Enforce the existing security standards and controls.

B.  

Perform a risk analysis and qualify the risk with legal.

C.  

Perform research and propose a better technology.

D.  

Enforce the standard permits.

Question # 98

A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed:

[Exhibit for Question # 98: OWASP ZAP Spider tab output (image not included)]

Which of the following options can the analyst conclude based on the provided output?

Options:

A.  

The scanning vendor used robots to make the scanning job faster

B.  

The scanning job was successfully completed, and no vulnerabilities were detected

C.  

The scanning job did not successfully complete due to an out of scope error

D.  

The scanner executed a crawl process to discover pages to be assessed

Question # 99

A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution?

Options:

A.  

Virtualize the system and decommission the physical machine.

B.  

Remove it from the network and require air gapping.

C.  

Implement privileged access management for identity access.

D.  

Implement MFA on the specific system.

Question # 100

A company notices unknown devices connecting to the internal network and would like to implement a solution to block all non-corporate managed machines. Which of the following solutions would be best to accomplish this goal?

Options:

A.  

WPA2 for Wi-Fi networks

B.  

NAC with 802.1X implementation

C.  

Extensible Authentication Protocol

D.  

RADIUS with challenge/response

Question # 101

A company is setting up a small, remote office to support five to ten employees. The company's home office is in a different city, where the company uses a cloud service provider for its business applications and a local server to host its data. To provide shared access from the remote office to the local server and the business applications, which of the following would be the easiest and most secure solution?

Options:

A.  

Use a VPC to host the company's data and keep the current solution for the business applications.

B.  

Use a new server for the remote office to host the data and keep the current solution for the business applications.

C.  

Use a VDI for the home office and keep the current solution for the business applications.

D.  

Use a VPN to access the company's data in the home office and keep the current solution for the business applications.

Question # 102

During an incident response procedure, a security analyst extracted a binary file from the disk of a compromised server. Which of the following is the best approach for analyzing the file without executing it?

Options:

A.  

Memory analysis

B.  

Hash signature check

C.  

Reverse engineering

D.  

Dynamic analysis

Question # 103

When investigating a compromised system, a security analyst finds the following script in the /tmp directory:

[Exhibit for Question # 103: script found in /tmp (image not included)]

Which of the following attacks is this script attempting, and how can it be mitigated?

Options:

A.  

This is a password-hijacking attack, and it can be mitigated by using strong encryption protocols.

B.  

This is a password-spraying attack, and it can be mitigated by using multifactor authentication.

C.  

This is a password-dictionary attack, and it can be mitigated by forcing password changes every 30 days.

D.  

This is a credential-stuffing attack, and it can be mitigated by using multistep authentication.

Question # 104

An intrusion detection analyst reported an inbound connection originating from an unknown IP address recorded on the VPN server for multiple internal hosts. During an investigation, a security analyst determines there were no identifiers associated with the hosts. Which of the following should the security analyst enforce to obtain the best information?

Options:

A.  

Update the organization's IP table.

B.  

Enable user access logging.

C.  

Shut down all VPN connections.

D.  

Create rules for the Active Directory.

Question # 105

An analyst is coordinating with the management team and collecting several terabytes of data to analyze using advanced mathematical techniques in order to find patterns and correlations in events and activities. Which of the following describes what the analyst is doing?

Options:

A.  

Data visualization

B.  

SOAR

C.  

Machine learning

D.  

SCAP

Question # 106

A customer notifies a security analyst that a web application is vulnerable to information disclosure. The analyst needs to indicate the severity of the vulnerability based on its CVSS score, which the analyst needs to calculate. When analyzing the vulnerability, the analyst realizes that for the attack to be successful, the Tomcat configuration file must be modified. Which of the following values should the security analyst choose when evaluating the CVSS score?

Options:

A.  

Network

B.  

Physical

C.  

Adjacent

D.  

Local

Question # 107

Which of the following solutions is the BEST method to prevent unauthorized use of an API?

Options:

A.  

HTTPS

B.  

Geofencing

C.  

Rate limiting

D.  

Authentication

Question # 108

An organization implemented an extensive firewall access-control blocklist to prevent internal network ranges from communicating with a list of IP addresses of known command-and-control domains. A security analyst wants to reduce the load on the firewall. Which of the following can the analyst implement to achieve similar protection and reduce the load on the firewall?

Options:

A.  

A DLP system

B.  

DNS sinkholing

C.  

IP address allow list

D.  

An inline IDS

Question # 109

A security analyst performs a weekly vulnerability scan on a network that has 240 devices and receives a report with 2,450 pages. Which of the following would most likely decrease the number of false positives?

Options:

A.  

Manual validation

B.  

Penetration testing

C.  

A known-environment assessment

D.  

Credentialed scanning

Question # 110

An incident response team detected malicious software that could have gained access to credit card data. By having incident response mechanisms in place, the incident response team was able to mitigate significant damage and implement corrective actions. Which of the following should be notified for lessons learned?

Options:

A.  

The human resources department

B.  

Customers

C.  

Company leadership

D.  

The legal team

Question # 111

Which of the following should a database administrator for an analytics firm implement to best protect PII from an insider threat?

Options:

A.  

Data deidentification

B.  

Data encryption

C.  

Data auditing

D.  

Data minimization
