Quickly and Easily Pass CompTIA Exam with CS0-002 real Dumps Updated on May-2024 [Q108-Q130] | TestBraindump


Realistic CS0-002 Dumps Questions To Gain Brilliant Result

NEW QUESTION # 108
To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

  • A. DACS
  • B. DAST
  • C. SCAP
  • D. SAST

Answer: C

Explanation:
SCAP (Security Content Automation Protocol) is a standardized framework for automated vulnerability and configuration-compliance assessment. A SCAP-based scan compares a system's configuration against machine-readable security policies, so it is the type of scan that can verify a device meets local hardening requirements. DAST and SAST test applications (at run time and at the source-code level, respectively), not host configuration. See Chapter 5 (Access Controls) of the CompTIA CySA+ guide and the exam objectives for more information: https://certification.comptia.org/docs/default-source/exam-objectives/cs0-002.pdf


NEW QUESTION # 109
Understanding attack vectors and integrating intelligence sources are important components of:

  • A. a vulnerability management plan.
  • B. risk management compliance.
  • C. proactive threat hunting
  • D. an incident response plan.

Answer: C

Explanation:
Understanding attack vectors and integrating intelligence sources are two of the activities that make up proactive threat hunting:
1. Establishing a hypothesis
2. Profiling threat actors and their activities
3. Applying threat hunting tactics
4. Reducing the attack surface
5. Bundling critical systems/assets into groups or protected zones
6. Understanding, assessing and addressing attack vectors
7. Integrating intelligence
8. Improving detection capabilities


NEW QUESTION # 110
A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:

Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

  • A. Server2
  • B. Server1
  • C. PC2
  • D. PC1
  • E. Firewall

Answer: C


NEW QUESTION # 111
Which of the following activities is designed to handle a control failure that leads to a breach?

  • A. Incident management
  • B. Root cause analysis
  • C. Risk assessment
  • D. Vulnerability management

Answer: A

Explanation:
Incident management is a process that aims to handle a control failure that leads to a breach by restoring normal operations as quickly as possible and minimizing the impact and damage of the incident. Incident management involves activities such as identifying, analyzing, containing, eradicating, recovering, and learning from security incidents. Risk assessment, root cause analysis, and vulnerability management are other processes related to security management, but they are not designed to handle a control failure that leads to a breach. Reference: https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901


NEW QUESTION # 112
A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement:

  • A. multifactor authentication.
  • B. manual account reviews.
  • C. role-based access control.
  • D. federated authentication.

Answer: D


NEW QUESTION # 113
A security analyst has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization. The security analyst's BEST response would be to coordinate with the legal department and:

  • A. the human resources department
  • B. law enforcement
  • C. senior leadership
  • D. the public relations department

Answer: A


NEW QUESTION # 114
The security team decides to meet informally to discuss and test the response plan for potential security breaches and emergency situations. Which of the following types of training will the security team perform?

  • A. Blue-team training
  • B. System assessment implementation
  • C. Red-team attack
  • D. White-team engagement
  • E. Tabletop exercise

Answer: E

Explanation:
A tabletop exercise is a type of training used to assess an organization's preparedness in responding to emergencies and security breaches. It involves discussing various scenarios and simulating how the organization would react in each situation.
https://www.comptia.org/content/tabletop-exercises


NEW QUESTION # 115
An insurance company employs quick-response team drivers that carry corporate-issued mobile devices with the insurance company's app installed on them. Devices are configuration-hardened by an MDM and kept up to date. The employees use the app to collect insurance claim information and process payments. Recently, a number of customers have filed complaints of credit card fraud against the insurance company, which occurred shortly after their payments were processed via the mobile app. The cyber-incident response team has been asked to investigate. Which of the following is MOST likely the cause?

  • A. 3G and less secure cellular technologies are not restricted.
  • B. USB tethering is enabled.
  • C. The MDM server is misconfigured.
  • D. The app does not employ TLS.

Answer: D


NEW QUESTION # 116
Which of the following is a switch attack?

  • A. MAC overflow
  • B. CSRF
  • C. XSS
  • D. Inference

Answer: A


NEW QUESTION # 117
Which of the following APT adversary archetypes represent non-nation-state threat actors? (Select TWO)

  • A. Tiger
  • B. Panda
  • C. Jackal
  • D. Spider
  • E. Kitten
  • F. Bear

Answer: A,C


NEW QUESTION # 118
An organization wants to collect IoCs from multiple geographic regions so it can sell the information to its customers. Which of the following should the organization deploy to accomplish this task?

  • A. A bastion host
  • B. A proxy server
  • C. A Jumpbox
  • D. A honeypot

Answer: D

Explanation:
A honeypot is a decoy system that is designed to attract and trap attackers, by mimicking a real system or network, but containing fake or harmless data. A honeypot can be used to collect IoCs from multiple geographic regions, by deploying it in different locations or networks, and monitoring the activities or attacks that target it. A honeypot can also provide valuable threat intelligence data that can be sold to customers.


NEW QUESTION # 119
A security analyst has performed various scans and found vulnerabilities in several applications that affect production data. Remediation of all exploits may cause certain applications to no longer work. Which of the following activities would need to be conducted BEFORE remediation?

  • A. Sandboxing
  • B. Input validation
  • C. Fuzzing
  • D. Change control

Answer: D


NEW QUESTION # 120
A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also sees that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

  • A. Data loss prevention
  • B. Sinkholing
  • C. Port security
  • D. IDS signatures

Answer: D


NEW QUESTION # 121
An analyst is reviewing the following output as part of an incident:

Which of the following is MOST likely happening?

  • A. Information is leaking from the memory of host 10.20.30.40.
  • B. The hosts are part of a reflective denial-of-service attack.
  • C. Sensitive data is being exfiltrated by host 192.168.1.10.
  • D. Host 291.168.1.10 is performing firewall port knocking.

Answer: C


NEW QUESTION # 122
A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company's sensitive financial management application by default.
Which of the following is the BEST course of action?

  • A. Remove the accounts' access privileges to the sensitive application
  • B. Follow the incident response plan for the introduction of new accounts
  • C. Disable the user accounts
  • D. Confirm the accounts are valid and ensure role-based permissions are appropriate
  • E. Monitor the outbound traffic from the application for signs of data exfiltration

Answer: D


NEW QUESTION # 123
A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?

  • A. DDoS
  • B. APT
  • C. Zero day
  • D. False positive

Answer: C


NEW QUESTION # 124
A zero-day crypto-worm is quickly spreading through the internal network on port 25 and exploiting a software vulnerability found within the email servers. Which of the following countermeasures needs to be implemented as soon as possible to mitigate the worm from continuing to spread?

  • A. Implement a traffic sinkhole.
  • B. Isolate impacted servers.
  • C. Patch affected systems.
  • D. Block all known port/services.

Answer: B


NEW QUESTION # 125
A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?

  • A. Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested.
  • B. Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried.
  • C. Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information.
  • D. Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443.

Answer: C


NEW QUESTION # 126
A company wants to configure the environment to allow passive network monitoring. To avoid disrupting the sensitive network, which of the following must be supported by the scanner's NIC to assist with the company's request?

  • A. Promiscuous mode
  • B. Tunnel all mode
  • C. Port bridging
  • D. Port mirroring
  • E. Full-duplex mode

Answer: A

Explanation:
Promiscuous mode is the mode that must be supported by the scanner's NIC for passive network monitoring. It is a mode of operation for a network interface controller (NIC) in which the controller passes all traffic it receives to the CPU, rather than only the frames addressed to it. This mode is normally used for packet sniffing: collecting and logging packets that pass through the network for further analysis, such as traffic or bandwidth-usage analysis. Because the NIC only listens and never injects traffic, monitoring in promiscuous mode does not disrupt the sensitive network.


NEW QUESTION # 127
A security analyst gathered forensics from a recent intrusion in preparation for legal proceedings. The analyst used EnCase to gather the digital forensics, cloned the hard drive, and took the hard drive home for further analysis. Which of the following did the security analyst violate?

  • A. Cloning procedures
  • B. Virtualization
  • C. Chain of custody
  • D. Hashing procedures

Answer: C


NEW QUESTION # 128
A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

  • A. Manually patch the computers on the network, as recommended on the CVE website.
  • B. Resolve the monthly job issues and test them before applying them to the production network.
  • C. Tag the computers with critical findings as a business risk acceptance.
  • D. Remove the servers reported to have high and medium vulnerabilities.
  • E. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
  • F. Harden the hosts on the network, as recommended by the NIST framework.

Answer: D,E


NEW QUESTION # 129
A cybersecurity analyst is investigating a potential incident affecting multiple systems on a company's internal network. Although there is a negligible impact to performance, the following symptoms are present on each of the affected systems:
* Existence of a new and unexpected svchost.exe process
* Persistent, outbound TCP/IP connections to an unknown external host with routine keep-alives transferred
* DNS query logs showing successful name resolution for an Internet-resident dynamic DNS domain
If this situation remains unresolved, which of the following will MOST likely occur?

  • A. The adversary may attempt to perform a man-in-the-middle attack.
  • B. An adversary may leverage the affected hosts to reconfigure the company's router ACLs.
  • C. The affected hosts may participate in a coordinated DDoS attack upon command
  • D. Key files on the affected hosts may become encrypted and require ransom payment for unlock.

Answer: D


NEW QUESTION # 130
......


Achieving the CompTIA CySA+ certification demonstrates to employers that an IT professional has the skills and knowledge required to identify, prevent, and respond to cybersecurity threats. It is an in-demand certification for organizations of all sizes and industries that are looking to hire skilled cybersecurity professionals.


CompTIA Cybersecurity Analyst (CySA+) Certification Exam, also known as the CS0-002 exam, is a vendor-neutral certification exam that tests the knowledge and skills of cybersecurity analysts. CompTIA Cybersecurity Analyst (CySA+) Certification Exam certification is intended for professionals who are responsible for detecting, preventing, and responding to cybersecurity incidents. The CS0-002 exam is designed to validate the knowledge and skills required to perform these tasks effectively.


Start your CS0-002 Exam Questions Preparation: https://quiztorrent.testbraindump.com/CS0-002-exam-prep.html