[Jan-2024] Get 100% Real Free CompTIA CySA+ CS0-002 Sample Questions
Accurate CS0-002 Questions with Free and Fast Updates
CompTIA Cybersecurity Analyst (CySA+) certification is designed to assess the skills of a cybersecurity analyst who is responsible for identifying and responding to security threats in an enterprise environment. The CySA+ certification is intended for professionals who have a minimum of 3-4 years of hands-on experience in the field of cybersecurity. The CompTIA CySA+ certification exam (CS0-002) assesses the candidate's knowledge and skills in the areas of threat management, vulnerability management, incident response, security architecture and toolsets.
NEW QUESTION # 70
The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?
- A. Static code analysis
- B. Peer code reviews
- C. Regression testing
- D. User acceptance testing
- E. Fuzzing
Answer: D
NEW QUESTION # 71
A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat.
Which of the following data types are MOST likely at risk of exposure based on this new threat?
(Choose two.)
- A. Employee records
- B. Corporate financial data
- C. Personal health information
- D. Cardholder data
- E. Intellectual property
Answer: C,D
NEW QUESTION # 72
An organization has specific technical risk mitigation configurations that must be implemented before a new server can be approved for production. Several critical servers were recently deployed with the antivirus missing, unnecessary ports disabled, and insufficient password complexity. Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?
- A. Perform automated security controls testing of expected configurations prior to production
- B. Perform password-cracking attempts on all devices going into production
- C. Perform antivirus scans on all devices before they are approved for production
- D. Perform an Nmap scan on all devices before they are released to production
Answer: A
Explanation:
Automated security controls testing is a method that uses tools or scripts to verify that the security controls of a system or device are configured correctly and comply with the organization's policies and standards. Performing automated security controls testing of expected configurations prior to production would help prevent a recurrence of the risk exposure caused by missing antivirus, unnecessary ports enabled, and insufficient password complexity. Performing password-cracking attempts, Nmap scans, or antivirus scans on all devices before they are released to production are other methods that can help detect some security issues, but they are not as comprehensive or efficient as automated security controls testing. Reference: https://www.nist.gov/system/files/documents/2017/04/28/sp800-115.pdf
NEW QUESTION # 73
Which of the following describes the main difference between supervised and unsupervised machine-learning algorithms that are used in cybersecurity applications?
- A. Supervised algorithms can be used to block attacks, while unsupervised algorithms cannot.
- B. Unsupervised algorithms produce more false positives than supervised algorithms.
- C. Unsupervised algorithms are not suitable for IDS systems, while supervised algorithms are.
- D. Supervised algorithms require security analyst feedback, while unsupervised algorithms do not.
Answer: D
NEW QUESTION # 74
A company experienced a security compromise due to the inappropriate disposal of one of its hardware appliances. Sensitive information stored on the hardware appliance was not removed prior to disposal. Which of the following is the BEST manner in which to dispose of the hardware appliance?
- A. Ensure the hardware appliance has the ability to encrypt the data before disposing of it.
- B. Dispose of all hardware appliances securely, thoroughly, and in compliance with company policies.
- C. Establish guidelines for the handling of sensitive information.
- D. Return the hardware appliance to the vendor, as the vendor is responsible for disposal.
Answer: B
Explanation:
Secure and thorough disposal can involve deleting or wiping all data from the hardware appliances, physically destroying or shredding them, or recycling them through certified vendors or programs. Compliance with company policies can help to ensure that the disposal follows the best practices and standards for data protection and environmental responsibility.
NEW QUESTION # 75
A technician receives the following security alert from the firewall's automated system:
After reviewing the alert, which of the following is the BEST analysis?
- A. This alert is a false positive because DNS is a normal network function.
- B. This alert indicates a user was attempting to bypass security measures using dynamic DNS.
- C. This alert was generated by the SIEM because the user attempted too many invalid login attempts.
- D. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.
Answer: D
NEW QUESTION # 76
Scan results identify critical Apache vulnerabilities on a company's web servers. A security analyst believes many of these results are false positives because the web environment mostly consists of Windows servers.
Which of the following is the BEST method of verifying the scan results?
- A. Perform a top-ports scan against the identified servers.
- B. Run a service discovery scan on the identified servers.
- C. Review logs of each host in the SIEM.
- D. Refer to the identified servers in the asset inventory.
Answer: B
NEW QUESTION # 77
Company A is in the process of merging with Company B. As part of the merger, connectivity between the ERP systems must be established so pertinent financial information can be shared between the two entities.
Which of the following will establish a more automated approach to secure data transfers between the two entities?
- A. Set up a PKI between Company A and Company B and intermediate shared certificates between the two entities.
- B. Create static NATs on each entity's firewalls that map to the ERP systems and use native ERP authentication to allow access.
- C. Set up an FTP server that both companies can access and export the required financial data to a folder.
- D. Set up a VPN between Company A and Company B, granting access only to the ERPs within the connection.
Answer: D
NEW QUESTION # 78
While monitoring the information security notification mailbox, a security analyst notices several emails were reported as spam. Which of the following should the analyst do FIRST?
- A. Ask the sender to stop sending messages.
- B. Block the sender in the email gateway.
- C. Review the message in a secure environment.
- D. Delete the email from the company's email servers.
Answer: C
NEW QUESTION # 79
In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:
Based on the output of the scan, which of the following is the BEST answer?
- A. Successful sensitivity level check
- B. Failed credentialed scan
- C. Failed compliance check
- D. Failed asset inventory
Answer: B
NEW QUESTION # 80
A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor's instructions and generated a report of vulnerabilities that ran against the same target server.
Tool A reported the following:
Tool B reported the following:
Which of the following BEST describes the method used by each tool? (Choose two.)
- A. Tool B utilized machine learning technology.
- B. Tool A is unauthenticated.
- C. Tool A is agent based.
- D. Tool B is unauthenticated.
- E. Tool B is agent based.
- F. Tool A used fuzzing logic to test vulnerabilities.
Answer: B,E
NEW QUESTION # 81
A company has received the results of an external vulnerability scan from its approved scanning vendor. The company is required to remediate these vulnerabilities for clients within 72 hours of acknowledgement of the scan results.
Which of the following contract breaches would result if this remediation is not provided for clients within the time frame?
- A. Regulatory compliance
- B. Organizational governance
- C. Memorandum of understanding
- D. Service level agreement
Answer: D
NEW QUESTION # 82
A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.
Which of the following is the BEST example of the level of sophistication this threat actor is using?
- A. Email addresses and phone numbers tied to the threat actor
- B. Social media accounts attributed to the threat actor
- C. Custom malware attributed to the threat actor from prior attacks
- D. Network assets used in previous attacks attributed to the threat actor
- E. IP addresses used by the threat actor for command and control
Answer: E
NEW QUESTION # 83
The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server.
Given the output, which of the following should the security analyst check NEXT?
- A. The DMARC policy
- B. The version of SPF that is being used
- C. The IP address of the new email server
- D. The DNS name of the new email server
Answer: D
NEW QUESTION # 84
The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server.
Given the output, which of the following should the security analyst check NEXT?
- A. The DNS name of the new email server
- B. The version of SPF that is being used
- C. The DMARC policy
- D. The IP address of the new email server
Answer: B
NEW QUESTION # 85
Which of the following BEST describes the offensive participants in a tabletop exercise?
- A. Security analysts
- B. Operations team
- C. System administrators
- D. Red team
- E. Blue team
Answer: D
NEW QUESTION # 86
Malicious users utilized brute force to access a system. An analyst is investigating these attacks and recommends methods to management that would help secure the system. Which of the following controls should the analyst recommend? (Choose three.)
- A. Complexity policy
- B. Single sign-on
- C. Network segmentation
- D. Obfuscation
- E. Biometrics
- F. Multifactor authentication
- G. Encryption
Answer: A,E,F
NEW QUESTION # 87
Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.
Which of the following would BEST provide this solution?
- A. Decomposition of malware
- B. Risk evaluation
- C. Sandboxing
- D. File fingerprinting
Answer: D
NEW QUESTION # 88
During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user.
Which of the following commands should the analyst investigate FIRST?
- A. Line 2
- B. Line 6
- C. Line 5
- D. Line 3
- E. Line 1
- F. Line 4
Answer: A
NEW QUESTION # 89
A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS. Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?
- A. Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.
- B. Shut down the system to prevent further degradation of the company network
- C. Start a network capture on the system to look into the DNS requests to validate command and control traffic.
- D. Run an anti-malware scan on the system to detect and eradicate the current threat
- E. Reimage the machine to remove the threat completely and get back to a normal running state.
Answer: C
NEW QUESTION # 90
After a breach involving the exfiltration of a large amount of sensitive data, a security analyst is reviewing the following firewall logs to determine how the breach occurred:
Which of the following IP addresses does the analyst need to investigate further?
- A. 192.168.1.193
- B. 192.168.1.12
- C. 192.168.1.10
- D. 192.168.1.1
Answer: B
NEW QUESTION # 91
During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation. Which of the following would cause the analyst to further review the incident?
A)
B)
C)
D)
E)
- A. Option C
- B. Option A
- C. Option D
- D. Option B
- E. Option E
Answer: C