2022 Valid CS0-002 test answers & CompTIA Exam PDF [Q148-Q163]

Share

2022 Valid CS0-002  test answers & CompTIA Exam PDF

Free CompTIA CS0-002 Exam Questions & Answer from Training Expert ExamsLabs


Prerequisites for Taking the CompTIA CySA+ Certification Exam

CS0-002 has no strict requirements. Anyone, regardless of their knowledge level, can apply to take the test. However, CompTIA does recommend that you have a minimum of 4 years’ experience in the cybersecurity field. Also, the candidates should possess the CompTIA Network+ or CompTIA Security+ certificate or understand everything covered by them.

 

NEW QUESTION 148
A vulnerability scan has returned the following information:

Which of the following describes the meaning of these results?

  • A. Connecting to the host using a null session allows enumeration of share names.
  • B. No CVE is present, so it is a false positive caused by Lotus running on a Windows server.
  • C. Trend Micro has a known exploit that must be resolved or patched.
  • D. There is an unknown bug in a Lotus server with no Bugtraq ID.

Answer: A

 

NEW QUESTION 149
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:

Which of the following can the analyst conclude?

  • A. Malware is attempting to beacon to 128.50.100.3.
  • B. Data is being exfiltrated over DNS.
  • C. The system is scanning ajgidwle.com for PII.
  • D. The system is running a DoS attack against ajgidwle.com.

Answer: C

 

NEW QUESTION 150
An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization.
The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message.
In addition to retraining the employee, which of the following would prevent this from happening in the future?

  • A. Remove all external recipients from the employee's address book
  • B. Implement outgoing filter rules to quarantine messages that contain card data
  • C. Configure the outgoing mail filter to allow attachments only to addresses on the whitelist
  • D. Set the outgoing mail filter to strip spreadsheet attachments from all messages.

Answer: C

 

NEW QUESTION 151
A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment Which of the following is the BEST solution?

  • A. Remove it from the network and require air gapping.
  • B. Implement MFA on the specific system.
  • C. Only allow access to the system via a jumpbox
  • D. Virtualize the system and decommission the physical machine.

Answer: D

 

NEW QUESTION 152
A logistics company's vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ:
* SQL injection on an infrequently used web server that provides files to vendors
* SSL/TLS not used for a website that contains promotional information
The scan also shows the following vulnerabilities on internal resources:
* Microsoft Office Remote Code Execution on test server for a human resources system
* TLS downgrade vulnerability on a server in a development network
In order of risk, which of the following should be patched FIRST?

  • A. Microsoft Office Remote Code Execution
  • B. SQL injection
  • C. TLS downgrade
  • D. SSL/TLS not used

Answer: A

 

NEW QUESTION 153
Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

  • A. Unauthorized, intentional, malicious
  • B. Authorized, intentional, malicious
  • C. Authorized, unintentional, benign
  • D. Unauthorized, unintentional, benign

Answer: B

Explanation:
Explanation/Reference: https://www.sciencedirect.com/topics/computer-science/insider-attack

 

NEW QUESTION 154
The help desk noticed a security analyst that emails from a new email server are not being sent out. The new email server was recently added to the existing ones. The analyst runs the following command on the new server.

Given the output, which of the following should the security analyst check NEXT?

  • A. The IP address of the new email server
  • B. The DNS name of the new email server
  • C. The DMARC policy
  • D. The version of SPF that is being used

Answer: B

 

NEW QUESTION 155
An analyst identifies multiple instances of node-to-node communication between several endpoints within the
10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address
10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.
Which of the following can be inferred from this activity?

  • A. 10.200.2.0/24 is not routable address space.
  • B. 10.200.2.5 is exfiltrating data.
  • C. 10.200.2.5 is a rogue endpoint.
  • D. 10.200.2.0/24 is infected with ransomware.

Answer: B

 

NEW QUESTION 156
A cybersecurity analyst has received the laptop of a user who recently left the company.
The analyst types `history' into the prompt, and sees this line of code in the latest bash history:

This concerns the analyst because this subnet should not be known to users within the company.
Which of the following describes what this code has done on the network?

  • A. Sent 255 ping packets to each host on the network.
  • B. Performed a half open SYB scan on the network.
  • C. Performed a ping sweep of the Class C network.
  • D. Sequentially sent an ICMP echo reply to the Class C network.

Answer: C

 

NEW QUESTION 157
A security analyst received an alert from the antivirus software identifying a complex instance of malware on a company's network. The company does not have the resources to fully analyze the malware and determine its effect on the system. Which of the following is the BEST action to take in the incident recovery and post-incident response process?

  • A. Detect and analyze the precursors and indicators; schedule a lessons learned meeting.
  • B. Remove the malware and inappropriate materials; eradicate the incident.
  • C. Perform event correlation; create a log retention policy.
  • D. Wipe hard drives, reimage the systems, and return the affected systems to ready state.

Answer: B

 

NEW QUESTION 158
File integrity monitoring states the following files have been changed without a written request or approved change.
The following change has been made:
chmod 777 -Rv /usr
Which of the following may be occurring?

  • A. The ownership pf /usr has been changed to the current user.
  • B. Administrative functions have been locked from users.
  • C. The ownership of/usr has been changed to the root user.
  • D. Administrative commands have been made world readable/writable.

Answer: D

 

NEW QUESTION 159
Given the following access log:

Which of the following accurately describes what this log displays?

  • A. Application integration with an externally hosted database
  • B. A vulnerability in jQuery
  • C. A vulnerability in Javascript
  • D. A vulnerability scan performed from the Internet

Answer: D

 

NEW QUESTION 160
In an effort to be proactive, an analyst has run an assessment against a sample workstation before auditors visit next month. The scan results are as follows:

Based on the output of the scan, which of the following is the BEST answer?

  • A. Successful sensitivity level check
  • B. Failed compliance check
  • C. Failed asset inventory
  • D. Failed credentialed scan

Answer: D

 

NEW QUESTION 161
The security team has determined that the current incident response resources cannot meet management's objective to secure a forensic image for all serious security incidents within 24 hours. Which of the following compensating controls can be used to help meet management's expectations?

  • A. Scheduled reviews
  • B. Outsourcing
  • C. Separation of duties
  • D. Dual control

Answer: B

 

NEW QUESTION 162
During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation . Which of the following would cause the analyst to further review the incident?
A)

B)

C)

D)

E)

  • A. Option A
  • B. Option C
  • C. Option E
  • D. Option B
  • E. Option D

Answer: E

 

NEW QUESTION 163
......

Top CompTIA CS0-002 Courses Online: https://www.examslabs.com/CompTIA/CompTIA-CySA/best-CS0-002-exam-dumps.html

CS0-002 Practice Dumps - Verified By ExamsLabs Updated 299 Questions: https://drive.google.com/open?id=1Xp53ngWh_Qo-cuSw4hHgJB1khKFyyviG