Regenerate CS0-002 Test Preparation For CompTIA Cybersecurity Analyst (CySA+) Certification Exam Certification

NEW QUESTION 1
A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO) asking the employee to perform a wife transfer Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

• A. Implementing a sandboxing solution for viewing emails and attachments
• B. Limiting email from the finance department to recipients on a pre-approved whitelist
• C. Configuring email client settings to display all messages in plaintext when read
• D. Adding a banner to incoming messages that identifies the messages as external

Answer: D

NEW QUESTION 2
Which of the following are components of the intelligence cycle? (Select TWO.)

• A. Collection
• B. Normalization
• C. Response
• D. Analysis
• E. Correction
• F. Dissension

Answer: BE

NEW QUESTION 3
An analyst is reviewing a list of vulnerabilities, which were reported from a recent vulnerability scan of a Linux server.
Which of the following is MOST likely to be a false positive?

• A. OpenSSH/OpenSSL Package Random Number Generator Weakness
• B. Apache HTTP Server Byte Range DoS
• C. GDI+ Remote Code Execution Vulnerability (MS08-052)
• D. HTTP TRACE / TRACK Methods Allowed (002-1208)
• E. SSL Certificate Expiry

Answer: E

NEW QUESTION 4
Ransomware is identified on a company's network that affects both Windows and MAC hosts. The command and control channel for encryption for this variant uses TCP ports from 11000 to 65000. The channel goes to good1. Iholdbadkeys.com, which resolves to IP address 72.172.16.2.
Which of the following is the MOST effective way to prevent any newly infected systems from actually encrypting the data on connected network drives while causing the least disruption to normal Internet traffic?

• A. Block all outbound traffic to web host good1 iholdbadkeys.com at the border gateway.
• B. Block all outbound TCP connections to IP host address 172.172.16.2 at the border gateway.
• C. Block all outbound traffic on TCP ports 11000 to 65000 at the border gateway.
• D. Block all outbound traffic on TCP ports 11000 to 65000 to IP host address 172.172.16.2 at the border gateway.

Answer: A

NEW QUESTION 5
A system administrator is doing network reconnaissance of a company’s external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:

Based on the output, which of the following services should be further tested for vulnerabilities?

• A. SSH
• B. HTTP
• C. SMB
• D. HTTPS

Answer: C

NEW QUESTION 6
A security architect is reviewing the options for performing input validation on incoming web form submissions. Which of the following should the architect as the MOST secure and manageable option?

• A. Client-side whitelisting
• B. Server-side whitelisting
• C. Server-side blacklisting
• D. Client-side blacklisting

Answer: B

NEW QUESTION 7
While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security.
To provide the MOST secure access model in this scenario, the jumpbox should be.

• A. placed in an isolated network segment, authenticated on the IT side, and forwarded into the ICS network.
• B. placed on the ICS network with a static firewall rule that allows IT network resources to authenticate.
• C. bridged between the IT and operational technology networks to allow authenticated access.
• D. placed on the IT side of the network, authenticated, and tunneled into the ICS environment.

Answer: D

NEW QUESTION 8
A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server.
Which of the following should be done to correct the cause of the vulnerability?

• A. Deploy a WAF in front of the application.
• B. Implement a software repository management tool.
• C. Install a HIPS on the server.
• D. Instruct the developers to use input validation in the code.

Answer: B

NEW QUESTION 9
A developer wrote a script to make names and other Pll data unidentifiable before loading a database export into the testing system Which of the following describes the type of control that is being used?

• A. Data encoding
• B. Data masking
• C. Data loss prevention
• D. Data classification

Answer: C

NEW QUESTION 10
A team of security analysis has been alerted to potential malware activity. The initial examination indicates one of the affected workstations on beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

• A. Escalate the incident to management ,who will then engage the network infrastructure team to keep them informed
• B. Depending on system critically remove each affected device from the network by disabling wired and wireless connections
• C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses Identify potentially affected systems by creating a correlation
• D. Identify potentially affected system by creating a correlation search in the SIEM based on the network traffic.

Answer: D

NEW QUESTION 11
A security administrator needs to create an IDS rule to alert on FTP login attempts by root. Which of the following rules is the BEST solution?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 12
A cybersecurity analyst is contributing to a team hunt on an organization's endpoints. Which of the following should the analyst do FIRST?

• A. Write detection logic.
• B. Establish a hypothesis.
• C. Profile the threat actors and activities.
• D. Perform a process analysis.

Answer: C

NEW QUESTION 13
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

• A. Malware is attempting to beacon to 128.50.100.3.
• B. The system is running a DoS attack against ajgidwle.com.
• C. The system is scanning ajgidwle.com for PII.
• D. Data is being exfiltrated over DNS.

Answer: D

NEW QUESTION 14
A security analyst is supporting an embedded software team. Which of the following is the BEST recommendation to ensure proper error handling at runtime?

• A. Perform static code analysis.
• B. Require application fuzzing.
• C. Enforce input validation
• D. Perform a code review

Answer: B

NEW QUESTION 15
An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

• A. Duplicate all services in another instance and load balance between the instances.
• B. Establish a hot site with active replication to another region within the same cloud provider.
• C. Set up a warm disaster recovery site with the same cloud provider in a different region
• D. Configure the systems with a cold site at another cloud provider that can be used for failover.

Answer: C

NEW QUESTION 16
A company's marketing emails are either being found in a spam folder or not being delivered at all. The security analyst investigates the issue and discovers the emails in question are being sent on behalf of the company by a third party in1marketingpartners.com Below is the exiting SPP word:

Which of the following updates to the SPF record will work BEST to prevent the emails from being marked as spam or blocked?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 17
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue. INSTRUCTIONS
Click on me ticket to see the ticket details Additional content is available on tabs within the ticket
First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from second drop-down menu
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 18
As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information.
Which of the following BEST describes this test?

• A. Walk through
• B. Full interruption
• C. Simulation
• D. Parallel

Answer: C

NEW QUESTION 19
It is important to parameterize queries to prevent:

• A. the execution of unauthorized actions against a database.
• B. a memory overflow that executes code with elevated privileges.
• C. the establishment of a web shell that would allow unauthorized access.
• D. the queries from using an outdated library with security vulnerabilities.

Answer: A

NEW QUESTION 20
Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client’s company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise. Which of the following techniques were used in this scenario?

• A. Enumeration and OS fingerprinting
• B. Email harvesting and host scanning
• C. Social media profiling and phishing
• D. Network and host scanning

Answer: C

NEW QUESTION 21
......