1 / 11

2022 Update CompTIA CySA CS0-002 Questions and Answers

The real and reliable 2022 Update CompTIA CySA CS0-002 Questions and Answers will enable you to get through your exam in just your first attempt without any problem.

examquestionsonline
Download Presentation

2022 Update CompTIA CySA CS0-002 Questions and Answers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS0-002 Free Questions CS0-002 Free Questions CompTIA Cybersecurity Analyst (CySA+) CompTIA Cybersecurity Analyst (CySA+) Certification Exam Certification Exam https://www.passquestion.com/ https://www.passquestion.com/CS0-002 CS0-002.html .html

  2. Question 1 Question 1 In web application scanning, static analysis refers to scanning: In web application scanning, static analysis refers to scanning: A. the system for vulnerabilities before installing the application. A. the system for vulnerabilities before installing the application. B. the compiled code of the application to detect possible issues. B. the compiled code of the application to detect possible issues. C. an application that is installed and active on a system. C. an application that is installed and active on a system. D. an application that is installed on a system that is assigned a static IP. D. an application that is installed on a system that is assigned a static IP. Answer: A Answer: A

  3. Question 2 Question 2 A security analyst discovered a specific series of IP addresses that are targeting an organization. None A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. of the attacks have been successful. Which of the following should the security analyst perform NEXT? Which of the following should the security analyst perform NEXT? A. Begin blocking all IP addresses within that subnet. A. Begin blocking all IP addresses within that subnet. B. Determine the attack vector and total attack surface. B. Determine the attack vector and total attack surface. C. Begin a kill chain analysis to determine the impact. C. Begin a kill chain analysis to determine the impact. D. Conduct threat research on the IP addresses D. Conduct threat research on the IP addresses Answer: D Answer: D

  4. Question 3 Question 3 Which of the following technologies can be used to store digital certificates and is typically used in Which of the following technologies can be used to store digital certificates and is typically used in high security implementations where integrity is paramount? high security implementations where integrity is paramount? A. HSM A. HSM B. eFuse B. eFuse C. UEFI C. UEFI D. Self-encrypting drive D. Self-encrypting drive Answer: A Answer: A

  5. Question 4 Question 4 An organization developed a comprehensive modern response policy Executive management An organization developed a comprehensive modern response policy Executive management approved the policy and its associated procedures. approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures? incident response procedures? A. A simulated breach scenario evolving the incident response team A. A simulated breach scenario evolving the incident response team B. Completion of annual information security awareness training by ail employees B. Completion of annual information security awareness training by ail employees C. Tabtetop activities involving business continuity team members C. Tabtetop activities involving business continuity team members D. Completion of lessons-learned documentation by the computer security incident response team D. Completion of lessons-learned documentation by the computer security incident response team E. External and internal penetration testing by a third party E. External and internal penetration testing by a third party Answer: A Answer: A

  6. Question 5 Question 5 A team of security analysts has been alerted to potential malware activity. The initial examination A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. attempting to spread across the network over port 445. Which of the following should be the team’s NEXT step during the detection phase of this Which of the following should be the team’s NEXT step during the detection phase of this response process? response process? A. Escalate the incident to management, who will then engage the network infrastructure team to A. Escalate the incident to management, who will then engage the network infrastructure team to keep them informed. keep them informed. B. Depending on system criticality, remove each affected device from the network by disabling wired B. Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections. and wireless connections. C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses. five IP addresses. D. Identify potentially affected systems by creating a correlation search in the SIEM based on the D. Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic. network traffic. Answer: D Answer: D

  7. Question 6 Question 6 The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses The SFTP server logs show thousands of failed login attempts from hundreds of IP addresses worldwide. worldwide. Which of the following controls would BEST protect the service? Which of the following controls would BEST protect the service? A. Whitelisting authorized IP addresses A. Whitelisting authorized IP addresses B. Enforcing more complex password requirements B. Enforcing more complex password requirements C. Blacklisting unauthorized IP addresses C. Blacklisting unauthorized IP addresses D. Establishing a sinkhole service D. Establishing a sinkhole service Answer: C Answer: C

  8. Question 7 Question 7 A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities. The type of vulnerability that A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities. The type of vulnerability that should be disseminated FIRST is one that: should be disseminated FIRST is one that: A. enables remote code execution that is being exploited in the wild. A. enables remote code execution that is being exploited in the wild. B. enables data leakage but is not known to be in the environment B. enables data leakage but is not known to be in the environment C. enables lateral movement and was reported as a proof of concept C. enables lateral movement and was reported as a proof of concept D. affected the organization in the past but was probably contained and eradicated D. affected the organization in the past but was probably contained and eradicated Answer: C Answer: C

  9. Question 8 Question 8 Which of the following BEST describes the process by which code is developed, tested, and deployed Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches? in small batches? A. Agile A. Agile B. Waterfall B. Waterfall C. SDLC C. SDLC D. Dynamic code analysis D. Dynamic code analysis Answer: A Answer: A

  10. Question 9 Question 9 A large amount of confidential data was leaked during a recent security breach. As part of a forensic A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices. between two compromised devices. Which of the following should be used to identify the traffic? Which of the following should be used to identify the traffic? A. Carving A. Carving B. Disk imaging B. Disk imaging C. Packet analysis C. Packet analysis D. Memory dump D. Memory dump E. Hashing E. Hashing Answer: C Answer: C

  11. Question 10 Question 10 During an investigation, a security analyst determines suspicious activity occurred during the night During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website. going to an external website. Which of the following would be the MOST appropriate recommendation to prevent the activity Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future? from happening in the future? A. An IPS signature modification for the specific IP addresses A. An IPS signature modification for the specific IP addresses B. An IDS signature modification for the specific IP addresses B. An IDS signature modification for the specific IP addresses C. A firewall rule that will block port 80 traffic C. A firewall rule that will block port 80 traffic D. A firewall rule that will block traffic from the specific IP addresses D. A firewall rule that will block traffic from the specific IP addresses Answer: D Answer: D

More Related