Latest CompTIA CS0-002 PDF and Dumps (2022) Free Exam Questions Answers [Q57-Q73]

Share

Latest CompTIA CS0-002 PDF and Dumps (2022) Free Exam Questions Answers

Pass Your CompTIA CySA+ CS0-002 Exam on Feb 01, 2022 with 299 Questions


CompTIA CS0-002 covers five domains. The candidates must develop their skills and competence in the exam content before attempting the test to enhance their chances of success. The topics that will be evaluated during the delivery of the exam are highlighted below:

Threat & Vulnerability Management: 22%

  • Explaining the significance of threat data & intelligence: this area covers your skills in intelligence sources; threat classification; threat actors; confidence levels; indicator management; intelligence cycle; commodity malware; information sharing & analysis communities.
  • Using threat intelligence for the support of organizational security: this domain requires one’s knowledge of attack frameworks; threat research; threat modeling methodologies; threat intelligence sharing.
  • Implementing controls to mitigate software vulnerabilities and attacks: this subject area covers attack types and vulnerabilities.
  • Analyzing outputs from basic vulnerability evaluation tools: the knowledge areas to be measured within this topic include web application scanner; infrastructure vulnerability scanner; enumeration; wireless assessment tools; Cloud infrastructure assessment tools; software assessment techniques and tools.

Certification Overview

CySA+ is a high-in-demand certificate, thanks to the fast growth of the information security segment of the IT field. As you would expect, the earning potentials are equally attractive. The average annual salary for an information security analyst was $99,730 in 2019, according to the Bureau of Labor Statistics.

When it comes to warding off attackers, anti-virus software, firewalls, and other traditional solutions don’t cut it. Consequently, organizations need a more dynamic approach to their system’s security. Professionals with CySA+ help in this regard. This certification endorses one's proficiency in using analytics-based plans to strengthen security. A CySA+ certified analyst can, through continuous monitoring, preemptively detect and combat malware and advance persistent threats.

This certification is a logical next step and an impressive addition for an IT professional who has already earned CompTIA Security+. More so, it puts you closer to becoming a CompTIA Advanced Security Practitioner (CASP+).

 

NEW QUESTION 57
After scanning the main company's website with the OWASP ZAP tool, a cybersecurity analyst is reviewing the following warning:

The analyst reviews a snippet of the offending code:

Which of the following is the BEST course of action based on the above warning and code snippet?

  • A. The developer should review the code and implement a code fix.
  • B. The analyst should implement a scanner exception for the false positive.
  • C. The system administrator should disable SSL and implement TLS.
  • D. The organization should update the browser GPO to resolve the issue.

Answer: D

 

NEW QUESTION 58
A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization's internal and external network infrastructure.
As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indication weaknesses in the infrastructure.
The scope of activity as described in the statement of work is an example of:

  • A. penetration testing
  • B. friendly DoS
  • C. social engineering
  • D. vulnerability scanning
  • E. session hijacking

Answer: A

 

NEW QUESTION 59
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

  • A. Malware is attempting to beacon to 128.50.100.3.
  • B. The system is scanning ajgidwle.com for PII.
  • C. The system is running a DoS attack against ajgidwle.com.
  • D. Data is being exfiltrated over DNS.

Answer: B

 

NEW QUESTION 60
During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?

  • A. Categorize
  • B. Access
  • C. Implement
  • D. Select

Answer: D

 

NEW QUESTION 61
A threat intelligence analyst who works for a technology firm received this report from a vendor.
"There has been an intellectual property theft campaign executed
against organizations in the technology industry. Indicators for this
activity are unique to each intrusion. The information that appears to
be targeted is R&D data. The data exfiltration appears to occur over
months via uniform TTPs. Please execute a defensive operation regarding this attack vector." Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?

  • A. Polymorphic malware and secure code analysis
  • B. APT and behavioral analysis
  • C. Ransomware and encryption
  • D. Insider threat and indicator analysis

Answer: B

 

NEW QUESTION 62
A cybersecurity analyst is currently auditing a new Active Directory server for compliance. The analyst uses Nessus to do the initial scan, and Nessus reports the following:

Which of the following critical vulnerabilities has the analyst discovered?

  • A. Path disclosure
  • B. Zero-day
  • C. User enumeration
  • D. Known backdoor

Answer: D

 

NEW QUESTION 63
A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs but the destination IP is blocked and not captured.
Which of the following should the analyst do?

  • A. Shut down the computer
  • B. Take a snapshot
  • C. Capture live data using Wireshark
  • D. Review the network logs.
  • E. Determine if DNS logging is enabled.

Answer: A

 

NEW QUESTION 64
An organization that handles sensitive financial information wants to perform tokenization of data to enable the execution of recurring transactions. The organization is most interested m a secure, built-in device to support its solution. Which of the following would MOST likely be required to perform the desired function?

  • A. FPGA
  • B. HSM
  • C. eFuse
  • D. UEFI
  • E. TPM

Answer: B

 

NEW QUESTION 65
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:

Tool B reported the following:

Which of the following BEST describes the method used by each tool? (Choose two.)

  • A. Tool B is unauthenticated.
  • B. Tool B utilized machine learning technology.
  • C. Tool A is unauthenticated.
  • D. Tool B is agent based.
  • E. Tool A is agent based.
  • F. Tool A used fuzzing logic to test vulnerabilities.

Answer: C,D

 

NEW QUESTION 66
An analyst wants to identify hosts that are connecting to the external FTP servers and what, if any, passwords are being used. Which of the following commands should the analyst use?

  • A. tcpdump -X dst port 21
  • B. nmap -o ftp.server -p 21
  • C. ftp ftp.server -p 21
  • D. telnet ftp.server 21

Answer: A

 

NEW QUESTION 67
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.
The access records are used to identify which staff members accessed the data center in the event of equipment theft.
Which of the following MUST be prevented in order for this policy to be effective?

  • A. Phishing
  • B. Password reuse
  • C. Tailgating
  • D. Social engineering

Answer: C

 

NEW QUESTION 68
An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply.
Which of the following would BEST identify potential indicators of compromise?

  • A. Use Wireshark to capture packets between SCADA devices and the management system.
  • B. Use Nmap to capture packets from the management system to the SCADA devices.
  • C. Use Burp Suite to capture packets to the SCADA device's IP.
  • D. Use tcpdump to capture packets from the SCADA device IP.

Answer: A

 

NEW QUESTION 69
The board of directors made the decision to adopt a cloud-first strategy. The current security infrastructure was designed for on-premise implementation. A critical application that is subject to the Federal Information Security Management Act (FISMA) of 2002 compliance has been identified as a candidate for a hybrid cloud deployment model. Which of the following should be conducted FIRST?

  • A. Review the SLA for FISMA compliance.
  • B. Perform a risk assessment.
  • C. Develop a request for proposal.
  • D. Review current security controls.

Answer: D

 

NEW QUESTION 70
Company A suspects an employee has been exfiltrating PII via a USB thumb drive. An analyst is tasked with attempting to locate the information on the drive. The PII in question includes the following:

Which of the following would BEST accomplish the task assigned to the analyst?

  • A. \d(3)-d(2)-\d(4)
  • B. \d[9] `XXX-XX-XX'
  • C. 3 [0-9]\d-2[0-9]\d-4[0-9]\d
  • D. ?[3]-?[2]-?[3]

Answer: A

 

NEW QUESTION 71
A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

  • A. Harden the hosts on the network, as recommended by the NIST framework.
  • B. Tag the computers with critical findings as a business risk acceptance.
  • C. Resolve the monthly job issues and test them before applying them to the production network.
  • D. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
  • E. Remove the servers reported to have high and medium vulnerabilities.
  • F. Manually patch the computers on the network, as recommended on the CVE website.

Answer: A,B

 

NEW QUESTION 72
An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider.
The incident response team is working on developing a lessons learned report with recommendations.
Which of the following recommendations will BEST prevent the same attack from occurring in the future?

  • A. Analyze normal behavior on the network and configure the IDS to alert on deviations from normal.
  • B. Remove and replace the managed switch with an unmanaged one.
  • C. Implement a separate logical network segment for management interfaces.
  • D. Install and configure NAC services to allow only authorized devices to connect to the network.

Answer: C

 

NEW QUESTION 73
......

CS0-002 Dumps for CompTIA CySA+ Certified Exam Questions & Answer: https://www.fast2test.com/CS0-002-premium-file.html

CS0-002 Free Exam Study Guide! (Updated 299 Questions): https://drive.google.com/open?id=1EHn5ZHdkswTuEJG-RO8hbougzT2oYHeq 

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어