CS0-002 Exam Dumps (V17.02) of DumpsBase are Still Available for Your CompTIA Cybersecurity Analyst (CySA+) Certification

Although the CS0-002 exam is scheduled to be retired on December 5, 2023, it is still accessible for individuals pursuing the CompTIA Cybersecurity Analyst (CySA+) certification. To prepare for the CompTIA CySA+ certification, you have the option to obtain the CS0-002 exam dumps (V17.02) from DumpsBase. These CS0-002 exam dumps consist of genuine questions and accurate answers, which can greatly assist you in fully preparing for the CompTIA Cybersecurity Analyst (CySA+) certification exam within a short period of time. By studying with these up-to-date and authentic CS0-002 dumps specifically designed for the CompTIA Cybersecurity Analyst (CySA+) exam, you can enhance your chances of achieving a high score on the CS0-002 exam. Do not miss the valuable opportunity to acquire real CS0-002 exam dumps with complimentary updates. Purchase CS0-002 dumps today and commence your preparation for the CompTIA Cybersecurity Analyst (CySA+) CS0-002 exam.

Try a free demo and explore our CS0-002 exam dumps (V17.02) before making a commitment:

1. A Chief Executive Officer (CEO) is concerned about the company’s intellectual property being leaked to competitors. The security team performed an extensive review but did not find any indication of an outside breach. The data sets are currently encrypted using the Triple Data Encryption Algorithm.

Which of the following courses of action is appropriate?

2. A company’s Chief Information Security Officer (CISO) published an Internet usage policy that prohibits employees from accessing unauthorized websites. The IT department whitelisted websites used for business needs. The CISO wants the security analyst to recommend a solution that would improve security and support employee morale.

Which of the following security recommendations would allow employees to browse non-business-related websites?

3. In web application scanning, static analysis refers to scanning:

4. An organization has the following risk mitigation policy:

Risks with a probability of 95% or greater will be addressed before all others regardless of the impact.

All other prioritization will be based on risk value.

The organization has identified the following risks:

Which of the following is the order of priority for risk mitigation from highest to lowest?

5. A security analyst is looking at the headers of a few emails that appear to be targeting all users at an organization:

Which of the following technologies would MOST likely be used to prevent this phishing attempt?

6. A small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger.

Which of the following BEST describes this type of control?

7. A security analyst is performing a Diamond Model analysis of an incident the company had last quarter. A potential benefit of this activity is that it can identify:

8. Industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices. The attacks used privilege escalation to gain access to SCADA administration. Which of the following access management solutions would help to mitigate this risk?

9. Which of the following incident response components can identify who is the liaison between multiple lines of business and the public?

10. A security analyst identified one server that was compromised and used as a data mining machine, and a copy of the hard drive was created.

Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?

11. Which of the following is the BEST way to gather patch information on a specific server?

12. After a series of Group Policy Object updates, multiple services stopped functioning. The systems administrator believes the issue resulted from a Group Policy Object update but cannot validate which update caused the issue.

Which of the following security solutions would resolve this issue?

13. A business recently acquired a software company. The software company's security posture is unknown. However, based on an assessment, there are limited security controls. No significant security monitoring exists.

Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?

14. An organization is developing software to match customers' expectations.

Before the software goes into production, it must meet the following quality assurance guidelines:

• Uncover all the software vulnerabilities.

• Safeguard the interest of the software's end users.

• Reduce the likelihood that a defective program will enter production.

• Preserve the interests of the software producer.

Which of the following should be performed FIRST?

15. A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response.

Which of the following procedures is the NEXT step for further investigation?

16. A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to go offline.

Which of the following solutions would work BEST to prevent this from happening again?

17. A security analyst reviews SIEM logs and discovers the following error event:

Which of the following environments does the analyst need to examine to continue troubleshooting the event?

18. Which of the following organizational initiatives would be MOST impacted by data sovereignty issues?

19. A company wants to ensure confidential data from its storage media files is sanitized so the drives cannot be reused.

Which of the following is the BEST approach?

20. While reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with political propaganda.

Which of the following BEST describes this type of actor?

21. The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single internet connection.

Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT Department?

22. A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised.

Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?

23. A development team has asked users to conduct testing to ensure an application meets the needs of the business.

Which of the following types of testing does this describe?

24. As part of an intelligence feed, a security analyst receives a report from a third-party trusted source.

Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign.

Which of the following configuration changes would be the MOST appropriate for intelligence gathering?

25. An organization recently discovered that spreadsheet files containing sensitive financial data were improperly stored on a web server. The management team wants to find out if any of these files were downloaded by public users accessing the server. The results should be written to a text file and should include the date, time, and IP address associated with any spreadsheet downloads. The web server's log file is named webserver.log, and the report file name should be accessreport.txt.

Following is a sample of the webserver.log file:

2017-0-12 21:01:12 GET /index.htlm - @4..102.33.7 - return=200 1622

Which of the following commands should be run if an analyst only wants to include entries in which a spreadsheet was successfully downloaded?

26. Which of the following describes the main difference between supervised and unsupervised machine-learning algorithms that are used in cybersecurity applications?

27. A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also sees that deployed, up-to-date antivirus signatures are ineffective.

Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

28. After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:

Which of the following is the BEST solution to mitigate this type of attack?

29. A routine vulnerability scan detected a known vulnerability in a critical enterprise web application.

Which of the following would be the BEST next step?

30. The Chief Information Officer of a large cloud software vendor reports that many employees are falling victim to phishing emails because they appear to come from other employees.

Which of the following would BEST prevent this issue?

31. A financial organization has offices located globally. Per the organization’s policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees the process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data.

Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?

32. In response to an audit finding, a company's Chief Information Officer (CIO) instructed the security department to increase the security posture of the vulnerability management program. Currently, the company's vulnerability management program has the following attributes:

Which of the following would BEST increase the security posture of the vulnerability management program?

33. A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The Organization has a very low tolerance for risk when it comes to resource availability.

Which of the following is the BEST approach for configuring and scheduling the scan?

34. An analyst receives artifacts from a recent intrusion and is able to pull a domain, IP address, email address, and software version.

Which of the following points of the Diamond Model of Intrusion Analysis does this intelligence represent?

35. A security analyst is running a tool against an executable of an unknown source.

The input supplied by the tool to the executable program and the output from the executable are shown below:

Which of the following should the analyst report after viewing this information?

36. After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them.

Which of the following techniques is the analyst using?

37. Which of the following allows Secure Boot to be enabled?

38. A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives.

Which of the following would be BEST for the analyst to configure to achieve this objective?

39. A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment.

Which of the following would be the BEST method to protect the company's data?

40. Which of the following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Select TWO)

41. While investigating reports of issues with a web server, a security analyst attempts to log in remotely and receives the following message:

The analyst accesses the server console, and the following console messages are displayed:

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

Which of the following is the BEST step for the analyst to take next in this situation?

42. A company recently experienced a breach of sensitive information that affects customers across multiple geographical regions.

Which of the following roles would be BEST suited to determine the breach notification requirements?

43. A security analyst is handling an incident in which ransomware has encrypted the disks of several company workstations.

Which of the following would work BEST to prevent this type of incident in the future?

44. An organization has a strict policy that if elevated permissions are needed, users should always run commands under their own account, with temporary administrator privileges if necessary.

A security analyst is reviewing syslog entries and sees the following:

Which of the following entries should cause the analyst the MOST concern?

45. A security analyst is reviewing a vulnerability scan report and notes the following finding:

As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

46. A computer hardware manufacturer is developing a new SoC that will be used by mobile devices. The SoC should not allow users or the process to downgrade from a newer firmware to an older one.

Which of the following can the hardware manufacturer implement to prevent firmware downgrades?

47. A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment.

Which of the following is the BEST solution?

48. A SIEM analyst receives an alert containing the following URL:

Which of the following BEST describes the attack?

49. An organization is focused on restructuring its data governance programs, and an analyst has been tasked with surveying sensitive data within the organization.

Which of the following is the MOST accurate method for the security analyst to complete this assignment?

50. During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked.

Which of the following should the analyst use to extract human-readable content from the partition?

51. HOTSPOT

A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive occurred for each device.

Instructions:

Select the Results Generated drop-down option to determine if the results were generated from a credentialed scan, non-credentialed scan, or a compliance scan.

For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click on the option a second time.

Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.

The Linux Web Server, File-Print Server and Directory Server are draggable.

If at any time you would like to bring back the initial state of the simulation, please select the Reset All button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

52. You are a penetration tester who is reviewing the system hardening guidelines for a company.

Hardening guidelines indicate the following:

✑ There must be one primary server or service per device.

✑ Only default ports should be used.

✑ Non-secure protocols should be disabled.

✑ The corporate internet presence should be placed in a protected subnet.

Instructions:

✑ Using the available tools, discover devices on the corporate network and the services running on these devices.

You must determine:

✑ The IP address of each device

✑ The primary server or service on each device

✑ The protocols that should be disabled based on the hardening guidelines

53. A security analyst is reviewing the following server statistics:

Which of the following is MOST likely occurring?

54. A software developer is correcting the error-handling capabilities of an application following the initial coding of the fix.

Which of the following would the software developer MOST likely perform to validate the code prior to pushing it to production?

55. Forming a hypothesis, looking for indicators of compromise, and using the findings to proactively improve detection capabilities are examples of the value of:

56. Which of the following BEST explains the function of a managerial control?

57. Which of the following types of controls defines placing an ACL on a file folder?

58. A code review reveals a web application is using time-based cookies for session management.

This is a security concern because time-based cookies are easy to:

59. A security analyst discovers suspicious host activity while performing monitoring activities.

The analyst pulls a packet capture for the activity and sees the following:

Which of the following describes what has occurred?

60. A security analyst is reviewing the following Internet usage trend report:

Which of the following usernames should the security analyst investigate further?

61. A consultant is evaluating multiple threat intelligence leads to assess potential risks for a client.

Which of the following is the BEST approach for the consultant to consider when modeling the client's attack surface?

62. Which of the following BEST explains the function of a TPM?

63. A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests.

Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

64. A company's application development has been outsourced to a third-party development team. Based on the SLA, the development team must follow industry best practices for secure coding.

Which of the following is the BEST way to verify this agreement?

65. A security administrator needs to provide access from partners to an isolated laboratory network inside an organization that meets the following requirements:

• The partners' PCs must not connect directly to the laboratory network.

• The tools the partners need to access while on the laboratory network must be available to all partners.

• The partners must be able to run analyses on the laboratory network, which may take hours to complete.

Which of the following capabilities will MOST likely meet the security objectives of the request?

66. Which of the following are the MOST likely reasons to include reporting processes when updating an incident response plan after a breach? (Select TWO).

67. Which of the following is MOST dangerous to the client environment during a vulnerability assessment penetration test?

68. Which of the following is MOST important when developing a threat hunting program?

69. Which of the following are considered PII by themselves? (Select TWO).

70. Which of the following BEST describes an HSM?

71. A threat hunting team received a new IoC from an ISAC that follows a threat actor's profile and activities.

Which of the following should be updated NEXT?

72. Which of the following BEST describes what an organization's incident response plan should cover regarding how the organization handles public or private disclosures of an incident?

73. An IT security analyst has received an email alert regarding a vulnerability within the new fleet of vehicles the company recently purchased.

Which of the following attack vectors is the vulnerability MOST likely targeting?

74. After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them.

Which of the following techniques is the analyst using?

75. An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts. A security analyst has created a script to snapshot the system configuration each day.

Following is one of the scripts:

This script has been running successfully every day.

Which of the following commands would provide the analyst with additional useful information relevant to the above script?

A)

B)

C)

D)

76. A company's domain has been spoofed in numerous phishing campaigns.

An analyst needs to determine why the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC. Upon review of the record, the analyst finds the following:

Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?

77. Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance?

78. A help desk technician inadvertently sent the credentials of the company's CRM in clear text to an employee's personal email account. The technician then reset the employee's account using the appropriate process and the employee's corporate email, and notified the security team of the incident.

According to the incident response procedure, which of the following should the security team do NEXT?

79. A developer downloaded and attempted to install a file transfer application in which the installation package is bundled with adware. The next-generation antivirus software prevented the file from executing, but it did not remove the file from the device. Over the next few days, more developers tried to download and execute the offending file.

Which of the following changes should be made to the security tools to BEST remedy the issue?

80. After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of JBoss. A legacy application that is running depends on that version of JBoss.

Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?

81. An incident response team detected malicious software that could have gained access to credit card data. The incident response team was able to mitigate significant damage and implement corrective actions by having incident response mechanisms in place.

Which of the following should be notified for lessons learned?

82. In SIEM software, a security analyst detected some changes to hash signatures from monitored files during the night, followed by SMB brute-force attacks against the file servers.

Based on this behavior, which of the following actions should be taken FIRST to prevent a more serious compromise?

83. While implementing a PKI for a company, a security analyst plans to utilize a dedicated server as the certificate authority that is only used to sign intermediate certificates.

Which of the following are the MOST secure states for the certificate authority server when it is not in use? (Select TWO)

84. Which of the following BEST identifies the appropriate use of threat intelligence as a function of detection and response?

85. While conducting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?

86. An internally developed file-monitoring system identified the following excerpt as causing a program to crash often:

Which of the following should a security analyst recommend to fix the issue?

87. An organization has the following policy statements:

• All emails entering or leaving the organization will be subject to inspection for malware, policy violations, and unauthorized content.

• All network activity will be logged and monitored.

• Confidential data will be tagged and tracked.

• Confidential data must never be transmitted in an unencrypted form.

• Confidential data must never be stored on an unencrypted mobile device.

Which of the following is the organization enforcing?

88. A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations. To help mitigate this risk, the Chief Information Security Officer (CISO) wants to implement an appropriate technical control.

Which of the following would meet the requirement?

89. A security analyst needs to provide the development team with secure connectivity from the corporate network to a three-tier cloud environment. The developers require access to servers in all three tiers in order to perform various configuration tasks.

Which of the following technologies should the analyst implement to provide secure transport?

90. A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow:

Which of the following controls must be in place to prevent this vulnerability?

91. A cyber-security analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks.

Which of the following BEST describes a solution that would apply and cause fewer issues during the deployment phase?

92. A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:

Which of the following actions should the security analyst take NEXT?

93. A security analyst needs to provide a copy of a hard drive for forensic analysis.

Which of the following would allow the analyst to perform the task?

A)

B)

C)

D)

94. While monitoring the information security notification mailbox, a security analyst notices several emails were reported as spam.

Which of the following should the analyst do FIRST?

95. Company A is in the process of merging with Company B. As part of the merger, connectivity between the ERP systems must be established so pertinent financial information can be shared between the two entities.

Which of the following will establish a more automated approach to secure data transfers between the two entities?

96. A company is planning the implementation of a vulnerability management procedure. However, its security maturity level is low, so there are some prerequisites to complete before risk calculation and prioritization.

Which of the following should be completed FIRST?

97. A security team implemented a SIEM as part of its security-monitoring program. There is a requirement to integrate a number of sources into the SIEM to provide better context relative to the events being processed.

Which of the following BEST describes the result the security team hopes to accomplish by adding these sources?

98. A security analyst is investigating an incident related to an alert from the threat detection platform on a host (10.0.1.25) in a staging environment that could be running a cryptomining tool because it is sending traffic to IP addresses that are related to Bitcoin.

The network rules for the instance are the following:

Which of the following is the BEST way to isolate and triage the host?

99. An analyst is reviewing the following output as part of an incident:

Which of the following is MOST likely happening?

100. The Chief Information Security Officer (CISO) of a large financial institution is seeking a solution that will block a predetermined set of data points from being transferred or downloaded by employees.

The CISO also wants to track the data assets by name, type, content, or data profile.

Which of the following BEST describes what the CISO wants to purchase?
