Actualtests offers a free demo for the CS0-002 exam. "CompTIA Cybersecurity Analyst (CySA+) Certification Exam", also known as the CS0-002 exam, is a CompTIA certification. This set of posts, Passing the CompTIA CS0-002 exam, will help you answer those questions. The CS0-002 Questions & Answers cover all the knowledge points of the real exam. 100% real CompTIA CS0-002 exam questions, revised by experts!

We also have CS0-002 free dump questions for you:

NEW QUESTION 1
The help desk notified a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server.
(Exhibit: command output not included)
Given the output, which of the following should the security analyst check NEXT?

  • A. The DNS name of the new email server
  • B. The version of SPF that is being used
  • C. The IP address of the new email server
  • D. The DMARC policy

Answer: B

NEW QUESTION 2
Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

  • A. Unauthorized, unintentional, benign
  • B. Unauthorized, intentional, malicious
  • C. Authorized, intentional, malicious
  • D. Authorized, unintentional, benign

Answer: C

NEW QUESTION 3
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution?

  • A. Virtualize the system and decommission the physical machine.
  • B. Remove it from the network and require air gapping.
  • C. Only allow access to the system via a jump box.
  • D. Implement MFA on the specific system.

Answer: A

NEW QUESTION 4
A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached.
Which of the following is the NEXT step the analyst should take to address the issue?

  • A. Audit access permissions for all employees to ensure least privilege.
  • B. Force a password reset for the impacted employees and revoke any tokens.
  • C. Configure SSO to prevent passwords from going outside the local network.
  • D. Set up privileged access management to ensure auditing is enabled.

Answer: B

NEW QUESTION 5
Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability.
Which of the following UEFI settings is the MOST likely cause of the infections?

  • A. Compatibility mode
  • B. Secure boot mode
  • C. Native mode
  • D. Fast boot mode

Answer: A

NEW QUESTION 6
A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.
Which of the following is a security concern when using a PaaS solution?

  • A. The use of infrastructure-as-code capabilities leads to an increased attack surface.
  • B. Patching the underlying application server becomes the responsibility of the client.
  • C. The application is unable to use encryption at the database level.
  • D. Insecure application programming interfaces can lead to data compromise.

Answer: D

NEW QUESTION 7
A security team wants to make SaaS solutions accessible from only the corporate campus.
Which of the following would BEST accomplish this goal?

  • A. Geofencing
  • B. IP restrictions
  • C. Reverse proxy
  • D. Single sign-on

Answer: A

NEW QUESTION 8
A security analyst conducted a risk assessment on an organization's wireless network and identified a high-risk element in the implementation of data confidentiality protection. Which of the following is the BEST technical security control to mitigate this risk?

  • A. Switch to RADIUS technology.
  • B. Switch to TACACS+ technology.
  • C. Switch to 802.1X technology.
  • D. Switch to the WPA2 protocol.

Answer: B

NEW QUESTION 9
You are a cybersecurity analyst tasked with interpreting scan data from Company A's servers. You must verify the requirements are being met for all of the servers and recommend changes if you find they are not.
The company's hardening guidelines indicate the following:
• TLS 1.2 is the only version of TLS running.
• Apache 2.4.18 or greater should be used.
• Only default ports should be used.
INSTRUCTIONS
Using the supplied data, record the status of compliance with the company's guidelines for each server.
The question contains two parts: make sure you complete Part 1 and Part 2. Make recommendations for issues based ONLY on the hardening guidelines provided.
(Exhibits: scan data for each server not included)

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Part 1 Answer
Check on the following:
AppServ1 is only using TLS 1.2
AppServ4 is only using TLS 1.2
AppServ1 is using Apache 2.4.18 or greater
AppServ3 is using Apache 2.4.18 or greater
AppServ4 is using Apache 2.4.18 or greater
Part 2 Answer
Recommendation:
The recommendation is to disable TLS v1.1 on AppServ2 and AppServ3. Also upgrade Apache on AppServ2 to version 2.4.48 from its current version of 2.3.48.
(Exhibit: recommendation screen not included)

NEW QUESTION 10
An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel’s familiarity with incident response procedures?

  • A. A simulated breach scenario involving the incident response team
  • B. Completion of annual information security awareness training by all employees
  • C. Tabletop activities involving business continuity team members
  • D. Completion of lessons-learned documentation by the computer security incident response team
  • E. External and internal penetration testing by a third party

Answer: A

NEW QUESTION 11
As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO's concerns, the assessor will MOST likely focus on:

  • A. qualitative probabilities.
  • B. quantitative probabilities.
  • C. qualitative magnitude.
  • D. quantitative magnitude.

Answer: D

NEW QUESTION 12
A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

  • A. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
  • B. Remove the servers reported to have high and medium vulnerabilities.
  • C. Tag the computers with critical findings as a business risk acceptance.
  • D. Manually patch the computers on the network, as recommended on the CVE website.
  • E. Harden the hosts on the network, as recommended by the NIST framework.
  • F. Resolve the monthly job issues and test them before applying them to the production network.

Answer: CE

NEW QUESTION 13
The security team at a large corporation is helping the payment-processing team to prepare for a regulatory compliance audit and meet the following objectives:
• Reduce the number of potential findings by the auditors.
• Limit the scope of the audit to only devices used by the payment-processing team for activities directly impacted by the regulations.
• Prevent the external-facing web infrastructure used by other teams from coming into scope.
• Limit the amount of exposure the company will face if the systems used by the payment-processing team are compromised.
Which of the following would be the MOST effective way for the security team to meet these objectives?

  • A. Limit the permissions to prevent other employees from accessing data owned by the business unit.
  • B. Segment the servers and systems used by the business unit from the rest of the network.
  • C. Deploy patches to all servers and workstations across the entire organization.
  • D. Implement full-disk encryption on the laptops used by employees of the payment-processing team.

Answer: B

NEW QUESTION 14
An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel's familiarity with incident response procedures?

  • A. A simulated breach scenario involving the incident response team
  • B. Completion of annual information security awareness training by all employees
  • C. Tabletop activities involving business continuity team members
  • D. Completion of lessons-learned documentation by the computer security incident response team
  • E. External and internal penetration testing by a third party

Answer: A

NEW QUESTION 15
A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.
Which of the following should be used to identify the traffic?

  • A. Carving
  • B. Disk imaging
  • C. Packet analysis
  • D. Memory dump
  • E. Hashing

Answer: C

NEW QUESTION 16
A threat feed notes that malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?

  • A. Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested
  • B. Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried
  • C. Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
  • D. Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information

Answer: D

NEW QUESTION 17
A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://<malwaresource>/a.php in a phishing email.
To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the:

  • A. email server that automatically deletes attached executables.
  • B. IDS to match the malware sample.
  • C. proxy to block all connections to <malwaresource>.
  • D. firewall to block connection attempts to dynamic DNS hosts.

Answer: C

NEW QUESTION 18
Which of the following attacks can be prevented by using output encoding?

  • A. Server-side request forgery
  • B. Cross-site scripting
  • C. SQL injection
  • D. Command injection
  • E. Cross-site request forgery
  • F. Directory traversal

Answer: B

NEW QUESTION 19
Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?

  • A. Agile
  • B. Waterfall
  • C. SDLC
  • D. Dynamic code analysis

Answer: A

NEW QUESTION 20
While preparing for an audit of information security controls in the environment, an analyst outlines a framework control that has the following requirements:
• All sensitive data must be classified
• All sensitive data must be purged on a quarterly basis
• Certificates of disposal must remain on file for at least three years
This framework control is MOST likely classified as:

  • A. prescriptive
  • B. risk-based
  • C. preventive
  • D. corrective

Answer: A

NEW QUESTION 21
......

P.S. Dumps-files.com is now offering 100% pass-ensured CS0-002 dumps! All CS0-002 exam questions have been updated with correct answers: https://www.dumps-files.com/files/CS0-002/ (186 New Questions)