Up To Date CompTIA Cybersecurity Analyst (CySA+) Certification Exam CS0-002 Test Preparation

NEW QUESTION 1
An organization has several system that require specific logons Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets. Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?

• A. Use SSO across all applications
• B. Perform a manual privilege review
• C. Adjust the current monitoring and logging rules
• D. Implement multifactor authentication

Answer: B

NEW QUESTION 2
A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review.
Which of the following commands would MOST likely indicate if the email is malicious?

• A. sha256sum ~/Desktop/file.pdf
• B. file ~/Desktop/file.pdf
• C. strings ~/Desktop/file.pdf | grep "<script"
• D. cat < ~/Desktop/file.pdf | grep -i .exe

Answer: A

NEW QUESTION 3
A pharmaceutical company's marketing team wants to send out notifications about new products to alert users of recalls and newly discovered adverse drug reactions. The team plans to use the names and mailing addresses that users have provided.
Which of the following data privacy standards does this violate?

• A. Purpose limitation
• B. Sovereignty
• C. Data minimization
• D. Retention

Answer: A

NEW QUESTION 4
A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client. Which of the following is MOST likely inhibiting the remediation efforts?

• A. The parties have an MOU between them that could prevent shutting down the systems
• B. There is a potential disruption of the vendor-client relationship
• C. Patches for the vulnerabilities have not been fully tested by the software vendor
• D. There is an SLA with the client that allows very little downtime

Answer: D

NEW QUESTION 5
An organization needs to limit its exposure to accidental disclosure when employees send emails that contain personal information to recipients outside the company Which of the following technical controls would BEST accomplish this goal?

• A. DLP
• B. Encryption
• C. Data masking
• D. SPF

Answer: A

NEW QUESTION 6
An analyst has been asked to provide feedback regarding the control required by a revised regulatory framework At this time, the analyst only needs to focus on the technical controls. Which of the following should the analyst provide an assessment of?

• A. Tokenization of sensitive data
• B. Establishment o' data classifications
• C. Reporting on data retention and purging activities
• D. Formal identification of data ownership
• E. Execution of NDAs

Answer: A

NEW QUESTION 7
Which of the following types of policies is used to regulate data storage on the network?

• A. Password
• B. Acceptable use
• C. Account management
• D. Retention

Answer: D

NEW QUESTION 8
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.
Which of the following BEST describes this attack?

• A. Injection attack
• B. Memory corruption
• C. Denial of service
• D. Array attack

Answer: B

NEW QUESTION 9
Which of the following should be found within an organization's acceptable use policy?

• A. Passwords must be eight characters in length and contain at least one special character.
• B. Customer data must be handled properly, stored on company servers, and encrypted when possible
• C. Administrator accounts must be audited monthly, and inactive accounts should be removed.
• D. Consequences of violating the policy could include discipline up to and including termination.

Answer: D

NEW QUESTION 10
A security analyst is reviewing the logs from an internal chat server. The chat.log file is too large to review manually, so the analyst wants to create a shorter log file that only includes lines associated with a user demonstrating anomalous activity. Below is a snippet of the log:

Which of the following commands would work BEST to achieve the desired result?

• A. grep -v chatter14 chat.log
• B. grep -i pythonfun chat.log
• C. grep -i javashark chat.log
• D. grep -v javashark chat.log
• E. grep -v pythonfun chat.log
• F. grep -i chatter14 chat.log

Answer: D

NEW QUESTION 11
A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output:
Antivirus is installed on the remote host:
Installation path: C:\Program Files\AVProduct\Win32\ Product Engine: 14.12.101
Engine Version: 3.5.71
Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported.
The engine version is out of date. The oldest supported version from the vendor is 4.2.11. The analyst uses the vendor's website to confirm the oldest supported version is correct. Which of the following BEST describes the situation?

• A. This is a false positive, and the scanning plugin needs to be updated by the vendor.
• B. This is a true negative, and the new computers have the correct version of the software.
• C. This is a true positive, and the new computers were imaged with an old version of the software.
• D. This is a false negative, and the new computers need to be updated by the desktop team.

Answer: C

NEW QUESTION 12
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="http://schemas.s/soap/envelope/ "><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.somesite.org"+xmlns:i="http://www.w3.org/2001/XMLSchema-instance "></s:Body></s:Envelope> 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap
<<a:Password>Password123</a:Password><a:ResetPasswordToken+i:nil="true"/>
<a:ShouldImpersonatedAuthenticationBePopulated+i:nil="true"/><a:Username>somebody@companyname.com 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="
http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetIPLocation+xmlns="http://tempuri.org/">
<a:IPAddress>516.7.446.605</a:IPAddress><a:ZipCode+i:nil="true"/></request></GetIPLocation></s:Body>< 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap <s:Envelope+xmlns:s="
http://schemas.xmlsoap.org/soap/envelope/"><s:Body><IsLoggedIn+xmlns="http://tempuri.org/">
<request+xmlns:a="http://schemas.datacontract.org/2004/07/somesite.web+xmlns:i="
http://www.w3.org/2001/XMLSchema-instance"><a:Authentication>
<a:ApiToken>kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd</a:ApiToken><a:ImpersonateUserId>0
<a:NetworkId>4</a:NetworkId><a:ProviderId>''1=1</a:ProviderId><a:UserId>13026046</a:UserId></a:Authe 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89
Which of the following MOST likely explains how the clients' accounts were compromised?

• A. The clients' authentication tokens were impersonated and replayed.
• B. The clients' usernames and passwords were transmitted in cleartext.
• C. An XSS scripting attack was carried out on the server.
• D. A SQL injection attack was carried out on the server.

Answer: A

NEW QUESTION 13
The computer incident response team at a multinational company has determined that a breach of sensitive data has occurred in which a threat actor has compromised the organization’s email system. Per the incident response procedures, this breach requires notifying the board immediately. Which of the following would be the BEST method of communication?

• A. Post of the company blog
• B. Corporate-hosted encrypted email
• C. VoIP phone call
• D. Summary sent by certified mail
• E. Externally hosted instant message

Answer: C

NEW QUESTION 14
A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization To BEST resolve the issue, the organization should implement

• A. federated authentication
• B. role-based access control.
• C. manual account reviews
• D. multifactor authentication.

Answer: A

NEW QUESTION 15
A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security To BEST complete this task, the analyst should place the:

• A. firewall behind the VPN server
• B. VPN server parallel to the firewall
• C. VPN server behind the firewall
• D. VPN on the firewall

Answer: B

NEW QUESTION 16
Welcome to the Enterprise Help Desk System. Please work the ticket escalated to you in the desk ticket queue. INSTRUCTIONS
Click on me ticket to see the ticket details Additional content is available on tabs within the ticket
First, select the appropriate issue from the drop-down menu. Then, select the MOST likely root cause from second drop-down menu
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 17
......