[May 18, 2024] Genuine CS0-002 Exam Dumps Free Demo [Q97-Q113]

May 18, 2024 CS0-002, CompTIA 0 Comments

[May 18, 2024] Genuine CS0-002 Exam Dumps Free Demo [Q97-Q113]

Rate this post

[May 18, 2024] Genuine CS0-002 Exam Dumps Free Demo

Printable & Easy to Use CompTIA CySA+ CS0-002 Dumps 100% Same Q&A In Your Real Exam

To be eligible for the CompTIA CySA+ certification exam, candidates should have at least 3-4 years of hands-on experience in cybersecurity. It is also recommended that candidates have a CompTIA Security+ certification or equivalent knowledge. Additionally, candidates should have experience in the following areas: configuring and using threat detection tools, performing data analysis and interpretation, identifying vulnerabilities and risks, and recommending and implementing security solutions.

Q97. A company’s domain has been spooled in numerous phishing campaigns. An analyst needs to determine the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC upon review of the record, the analyst finds the following:

Which of the following BEST explains the reason why the company’s requirements are not being processed correctly by mailbox providers?

The DMARC record’s DKIM alignment tag Is incorrectly configured.

The DMARC record’s policy tag is incorrectly configured.

The DMARC record does not have an SPF alignment tag.

The DMARC record’s version tag is set to DMARC1 instead of the current version, which is DMARC3.

Q98. A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems.
A top talkers report over a five-minute sample is included.

Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?

Perform reverse lookups on each of the IP addresses listed to help determine if the traffic is necessary.

Recommend that networking block the unneeded protocols such as Quicktime to clear up some of the congestion.

Put ACLs in place to restrict traffic destined for random or non-default application ports.

Quarantine the top talker on the network and begin to investigate any potential threats caused by the excessive traffic.

Q99. The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?

Peer code reviews

Regression testing

User acceptance testing

Fuzzing

Static code analysis

Q100. A security analyst is reviewing the network security monitoring logs listed below:

Which of the following is the analyst MOST likely observing? (Select TWO).

10.1.1.128 sent malicious requests, and the alert is a false positive.

10.1.1.129 sent potential malicious requests to the web server.

10.1.1.129 sent non-malicious requests, and the alert is a false positive.

10.1.1.128 sent potential malicious traffic to the web server.

10.1.1 .129 successfully exploited a vulnerability on the web server.

Q101. During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content Which of the following is the NEXT step the analyst should take?

Only allow whitelisted binaries to execute.

Run an antivirus against the binaries to check for malware.

Use file integrity monitoring to validate the digital signature.

Validate the binaries’ hashes from a trusted source.

Q102. As part of an organization’s information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?

Conduct a risk assessment based on the controls defined in the newly revised policies

Require all employees to attend updated security awareness training and sign an acknowledgement

Post the policies on the organization’s intranet and provide copies of any revised policies to all active vendors

Distribute revised copies of policies to employees and obtain a signed acknowledgement from them

Q103. You are a penetration tester who is reviewing the system hardening guidelines for a company. Hardening guidelines indicate the following.
There must be one primary server or service per device.
Only default port should be used
Non- secure protocols should be disabled.
The corporate internet presence should be placed in a protected subnet
Instructions :
Using the available tools, discover devices on the corporate network and the services running on these devices.
You must determine
ip address of each device
The primary server or service each device
The protocols that should be disabled based on the hardening guidelines

see the answer below in explanation

Q104. A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page. After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication.
Which of the following will remediate this software vulnerability?

Enforce unique session IDs for the application.

Deploy a WAF in front of the web application.

Check for and enforce the proper domain for the redirect.

Use a parameterized query to check the credentials.

Implement email filtering with anti-phishing protection.

Q105. A company uses an FTP server to support its critical business functions The FTP server is configured as follows:
* The FTP service is running with (he data duectory configured in /opt/ftp/data.
* The FTP server hosts employees’ home aVectories in /home
* Employees may store sensitive information in their home directories
An loC revealed that an FTP director/ traversal attack resulted in sensitive data loss Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

Implement file-level encryption of sensitive files

Reconfigure the FTP server to support FTPS

Run the FTP server n a chroot environment

Upgrade the FTP server to the latest version

Q106. A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.
Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?

Attack vectors

Adversary capability

Diamond Model of Intrusion Analysis

Kill chain

Total attack surface

Q107. A security analyst has received reports of very slow, intermittent access to a public-facing corporate server.
Suspecting the system may be compromised, the analyst runs the following commands:

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.

Examine the server logs for further indicators of compromise of a web application.

Run kill -9 1325 to bring the load average down so the server is usable again.

Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.

Q108. A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?

True positive

True negative

False positive

False negative

Q109. A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities.
Which of the following would be BEST to implement to alleviate the CISO’s concern?

DLP

Encryption

Test data

NDA

Q110. Approximately 100 employees at your company have received a phishing email. As a security analyst you have been tasked with handling this situation.
INSTRUCTIONS
Review the information provided and determine the following:
1. How many employees clicked on the link in the phishing email?
2. On how many workstations was the malware installed?
3. What is the executable file name or the malware?

Q111. A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The Organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?

Make sure the scan is credentialed, covers at hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.

Make sure the scan is uncredentialed, covers at hosts in the patch management system, and Is scheduled during of business hours so it has the least impact on operations.

Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system and is scheduled during off-business hours so it has the least impact on operations.

Make sure the scan is credentialed, uses a ironed plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.

Q112. An analyst is responding 10 an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the held. Maiware was loaded on the device via the installation of a third-party software package The analyst has baselined the device Which of the following should the analyst do to BEST mitigate future attacks?

Implement MDM

Update the maiware catalog

Patch the mobile device’s OS

Block third-party applications

Q113. An analyst is examining a system that is suspected of being involved in an intrusion.
The analyst uses the command `cat/etc/passwd’ and receives the following partial output:

Based on the above output, which of the following should the analyst investigate further?