
2021 Update CompTIA CySA CS0-002 Questions and answers

PassQuestion provides the latest 2021 Update CompTIA CySA CS0-002 Questions and answers that will allow you to prepare for your exam and pass it in a single attempt.


Presentation Transcript


  1. CS0-002 Free Questions
  CompTIA Cybersecurity Analyst (CySA+) Certification Exam
  https://www.passquestion.com/CS0-002.html

  2. Question 1
  As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy.
  Based on the CISO's concerns, the assessor will MOST likely focus on:
  A. qualitative probabilities.
  B. quantitative probabilities.
  C. qualitative magnitude.
  D. quantitative magnitude.
  Answer: D

  3. Question 2
  A new on-premises application server was recently installed on the network. Remote access to the server was enabled for vendor support on required ports, but recent security reports show large amounts of data are being sent to various unauthorized networks through those ports.
  Which of the following configuration changes must be implemented to resolve this security issue while still allowing remote vendor access?
  A. Apply a firewall application server rule.
  B. Whitelist the application server.
  C. Sandbox the application server.
  D. Enable port security.
  E. Block the unauthorized networks.
  Answer: B

  4. Question 3
  A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach.
  Which of the following is the BEST mitigation to prevent unauthorized access?
  A. Single sign-on
  B. Mandatory access control
  C. Multifactor authentication
  D. Federation
  E. Privileged access management
  Answer: C

  5. Question 4
  A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware.
  Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?
  A. Enabling application blacklisting
  B. Enabling sandboxing technology
  C. Purchasing cyber insurance
  D. Installing a firewall between the workstations and Internet
  Answer: B

  6. Question 5
  A Chief Security Officer (CSO) is working on the communication requirements for an organization's incident response plan.
  In addition to technical response activities, which of the following is the main reason why communication must be addressed in an effective incident response program?
  A. Public relations must receive information promptly in order to notify the community.
  B. Improper communications can create unnecessary complexity and delay response actions.
  C. Organizational personnel must only interact with trusted members of the law enforcement community.
  D. Senior leadership should act as the only voice for the incident response team when working with forensics teams.
  Answer: B

  7. Question 6
  A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine. The up-to-date antivirus cannot detect the malicious executable.
  Which of the following is the MOST likely cause of this issue?
  A. The malware is being executed with administrative privileges.
  B. The antivirus does not have the malware's signature.
  C. The malware detects and prevents its own execution in a virtual environment.
  D. The malware is fileless and exists only in physical memory.
  Answer: D

  8. Question 7
  An analyst needs to provide a recommendation that will allow a custom-developed application to have full access to the system's processors and peripherals but still be contained securely from other applications that will be developed.
  Which of the following is the BEST technology for the analyst to recommend?
  A. Software-based drive encryption
  B. Hardware security module
  C. Unified Extensible Firmware Interface
  D. Trusted execution environment
  Answer: D

  9. Question 8
  A security analyst is researching an incident and uncovers several details that may link to other incidents. The security analyst wants to determine if other incidents are related to the current incident.
  Which of the following threat research methodologies would be MOST appropriate for the analyst to use?
  A. Reputation data
  B. CVSS score
  C. Risk assessment
  D. Behavioral analysis
  Answer: D

  10. Question 9
  A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful.
  Which of the following should the security analyst perform NEXT?
  A. Begin blocking all IP addresses within that subnet.
  B. Determine the attack vector and total attack surface.
  C. Begin a kill chain analysis to determine the impact.
  D. Conduct threat research on the IP addresses
  Answer: D

  11. Question 10
  A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software, as identified from the firewall logs, but the destination IP is blocked and not captured.
  Which of the following should the analyst do?
  A. Shut down the computer
  B. Capture live data using Wireshark
  C. Take a snapshot
  D. Determine if DNS logging is enabled.
  E. Review the network logs.
  Answer: B
