[Q129-Q154] Excellent CS0-002 PDF Dumps With 100% TestSimulate Exam Passing Guaranteed [Sep-2021]

NEW QUESTION 129
A technician receives the following security alert from the firewall's automated system:

After reviewing the alert, which of the following is the BEST analysis?

  • A. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.
  • B. This alert is a false positive because DNS is a normal network function.
  • C. This alert indicates a user was attempting to bypass security measures using dynamic DNS.
  • D. This alert was generated by the SIEM because the user attempted too many invalid login attempts.

Answer: A

 

NEW QUESTION 130
An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented.
Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

  • A. Create one cloud account and three separate VPCs for each environment. Create security rules to allow access to and from each environment.
  • B. Create three separate cloud accounts for each environment. Configure account peering and security rules to allow access to and from each environment.
  • C. Create one cloud account with one VPC for all environments. Purchase a virtual firewall and create granular security rules.
  • D. Create three separate cloud accounts for each environment and a single core account for network services. Route all traffic through the core account.

Answer: A

 

NEW QUESTION 131
A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability scan:

Which of the following is MOST likely a false positive?

  • A. Windows SMB service enumeration via \srvsvc
  • B. Anonymous FTP enabled
  • C. ICMP timestamp request remote date disclosure
  • D. Unsupported web server detection

Answer: A

 

NEW QUESTION 132
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:

Which of the following lines indicates the computer may be compromised?

  • A. Line 3
  • B. Line 1
  • C. Line 6
  • D. Line 2
  • E. Line 5
  • F. Line 4

Answer: F

 

NEW QUESTION 133
Review the following results:

Which of the following has occurred?

  • A. 172.29.0.109 is infected with a worm.
  • B. 123.120.110.212 is infected with a Trojan.
  • C. This is normal network traffic.
  • D. 172.29.0.109 is infected with a Trojan.

Answer: C

 

NEW QUESTION 134
Which of the following roles is ultimately responsible for determining the classification levels assigned to specific data sets?

  • A. Data owner
  • B. Data custodian
  • C. Data processor
  • D. Senior management

Answer: A

Explanation:
Reference:
https://www.pearsonitcertification.com/articles/article.aspx?p=2731933&seqNum=3

 

NEW QUESTION 135
Hotspot Question
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue.
INSTRUCTIONS
Click on the ticket to see the ticket details. Additional content is available on tabs within the ticket. First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from the second drop-down menu. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

 

NEW QUESTION 136
A security analyst is reviewing the following log entries to identify anomalous activity:

Which of the following attack types is occurring?

  • A. Buffer overflow
  • B. SQL injection
  • C. Directory traversal
  • D. Cross-site scripting

Answer: C

 

NEW QUESTION 137
A security administrator needs to create an IDS rule to alert on FTP login attempts by root. Which of the following rules is the BEST solution?

  • A. Option D
  • B. Option B
  • C. Option A
  • D. Option C

Answer: B

 

NEW QUESTION 138
A cybersecurity analyst has received the laptop of a user who recently left the company.
The analyst types `history` into the prompt and sees this line of code in the latest bash history:

This concerns the analyst because this subnet should not be known to users within the company.
Which of the following describes what this code has done on the network?

  • A. Performed a half-open SYN scan on the network.
  • B. Performed a ping sweep of the Class C network.
  • C. Sequentially sent an ICMP echo reply to the Class C network.
  • D. Sent 255 ping packets to each host on the network.

Answer: B

 

NEW QUESTION 139
During an investigation, a computer is being seized. Which of the following is the FIRST step the analyst should take?

  • A. Power off the computer and remove it from the network.
  • B. Unplug the network cable and take screenshots of the desktop.
  • C. Initiate chain-of-custody documentation.
  • D. Perform a physical hard disk image.

Answer: A

 

NEW QUESTION 140
During a routine log review, a security analyst has found the following commands that cannot be identified from the Bash history log on the root user.

Which of the following commands should the analyst investigate FIRST?

  • A. Line 4
  • B. Line 2
  • C. Line 3
  • D. Line 1
  • E. Line 6
  • F. Line 5

Answer: B

 

NEW QUESTION 141
A technician receives a report that a user's workstation is experiencing no network connectivity.
The technician investigates and notices the patch cable running from the back of the user's VoIP phone is routed directly under the rolling chair and has been smashed flat over time.
Which of the following is the most likely cause of this issue?

  • A. Excessive collisions
  • B. Split pairs
  • C. Cross-talk
  • D. Electromagnetic interference

Answer: A

 

NEW QUESTION 142
A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user's account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?

  • A. The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network.
  • B. The naming scheme allows for too many variations, and the account naming convention should be updated to enforce organizational policies.
  • C. The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group.
  • D. The Windows Active Directory domain controller has not completed synchronization, and should force the domain controller to sync.

Answer: B

 

NEW QUESTION 143
Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization's application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerability scan?

  • A. A vendor releases a critical patch update
  • B. Newly discovered PII on a server
  • C. False positives identified in production
  • D. A critical bug fix in the organization's application

Answer: A

 

NEW QUESTION 144
A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities.
Which of the following would be BEST to implement to alleviate the CISO's concern?

  • A. Test data
  • B. DLP
  • C. NDA
  • D. Encryption

Answer: C

 

NEW QUESTION 145
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:

Which of the following lines indicates the computer may be compromised?

  • A. Line 4
  • B. Line 3
  • C. Line 1
  • D. Line 6
  • E. Line 2
  • F. Line 5

Answer: B

 

NEW QUESTION 146
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/"> <request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/XMLSchema-instance"></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22

POST /services/v1_0/Public/Members.svc/soap <<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/> <a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>[email protected]</a:Username></request></Login></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89

POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/"> <a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22

POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><IsLoggedIn+xmlns="http://tempuri.org/"> <request+xmlns:a="http://schemas.datacontract.org/2004/07/somesite.web+xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:Authentication> <a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0</a:ImpersonateUserId><a:LocationId>161222</a:LocationId> <a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authentication></request></IsLoggedIn></s:Body></s:Envelope> 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89

Which of the following MOST likely explains how the clients' accounts were compromised?

  • A. The clients' usernames and passwords were transmitted in cleartext.
  • B. A SQL injection attack was carried out on the server.
  • C. An XSS scripting attack was carried out on the server.
  • D. The clients' authentication tokens were impersonated and replayed.

Answer: D

 

NEW QUESTION 147
An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.
Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?

  • A. FaaS
  • B. CAN bus
  • C. SoC
  • D. RTOS
  • E. GPS

Answer: D

 

NEW QUESTION 148
During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation. Which of the following would cause the analyst to further review the incident?
A)

B)

C)

D)

E)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C
  • E. Option E

Answer: B

 

NEW QUESTION 149
Given the Nmap request below:

Which of the following actions will an attacker be able to initiate directly against this host?

  • A. An SQL injection
  • B. ARP spoofing
  • C. A brute-force attack
  • D. Password sniffing

Answer: C

 

NEW QUESTION 150
A business recently installed a kiosk that is running on a hardened operating system as a restricted user. The kiosk user application is the only application that is allowed to run. A security analyst gets a report that pricing data is being modified on the server, and management wants to know how this is happening. After reviewing the logs, the analyst discovers the root account from the kiosk is accessing the files. After validating the permissions on the server, the analyst confirms the permissions from the kiosk do not allow to write to the server data.
Which of the following is the MOST likely reason for the pricing data modifications on the server?

  • A. The kiosk user account has execute permissions on the server data files.
  • B. Customers are escaping the application shell and gaining root-level access.
  • C. Customers are logging off the kiosk and guessing the root account password.
  • D. Data on the server is not encrypted, allowing users to change the pricing data.

Answer: B

 

NEW QUESTION 151
A security analyst is monitoring authentication exchanges over the company's wireless network.
A sample of the Wireshark output is shown below:

Which of the following would improve the security posture of the wireless network?

  • A. Using UDP instead of TCP
  • B. Using PEAP instead of LEAP
  • C. Using aspx instead of .jsp
  • D. Using SSL 2.0 instead of TLSv1.1

Answer: B

 

NEW QUESTION 152
Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.
Which of the following would BEST provide this solution?

  • A. Risk evaluation
  • B. Sandboxing
  • C. Decomposition of malware
  • D. File fingerprinting

Answer: B

 

NEW QUESTION 153
Given the following code:

Which of the following types of attacks is occurring in the example above?

  • A. XSS
  • B. MITM
  • C. Session hijacking
  • D. Privilege escalation
  • E. SQL injection

Answer: E

 

NEW QUESTION 154
......