Title: [May 18, 2024] Genuine CS0-002 Exam Dumps Free Demo [Q97-Q113]

Printable & Easy to Use CompTIA CySA+ CS0-002 Dumps. 100% Same Q&A In Your Real Exam.

To be eligible for the CompTIA CySA+ certification exam, candidates should have at least 3-4 years of hands-on experience in cybersecurity. It is also recommended that candidates have a CompTIA Security+ certification or equivalent knowledge. Additionally, candidates should have experience in the following areas: configuring and using threat detection tools, performing data analysis and interpretation, identifying vulnerabilities and risks, and recommending and implementing security solutions.

Q97.
A company's domain has been spoofed in numerous phishing campaigns. An analyst needs to determine why the company is a victim of domain spoofing despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC. Upon review of the record, the analyst finds the following:

Which of the following BEST explains why the company's requirements are not being processed correctly by mailbox providers?

A. The DMARC record's DKIM alignment tag is incorrectly configured.
B. The DMARC record's policy tag is incorrectly configured.
C. The DMARC record does not have an SPF alignment tag.
D. The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.

Explanation: The DMARC record's policy tag is incorrectly configured, which explains why the company's requirements are not being processed correctly by mailbox providers. The policy tag (p) specifies how mailbox providers should handle messages from the domain that fail DMARC checks.
The possible values for the policy tag are none, quarantine, or reject. None means that no action is taken on failed messages and only reports are sent. Quarantine means that failed messages are treated as suspicious and may be filtered or marked as spam. Reject means that failed messages are rejected and not delivered. In this case, the company's DMARC record has a policy tag value of none, which means that mailbox providers will not ignore email that fails DMARC as the company requires. Instead, mailbox providers will deliver all messages from the domain regardless of their DMARC status and only send reports to the company. To fix this issue, the company should change its policy tag value to reject, so that mailbox providers reject and ignore any email that fails DMARC, as the company requires.

The DMARC record's DKIM alignment tag (A) is not incorrectly configured and does not explain why the company's requirements are not being processed correctly by mailbox providers. The DKIM alignment tag (adkim) specifies how strictly mailbox providers should match DKIM identifiers with From domain identifiers. The possible values for the DKIM alignment tag are s or r. S means strict alignment: DKIM identifiers must exactly match From domain identifiers. R means relaxed alignment: DKIM identifiers must match From domain identifiers at an organizational level (e.g., subdomain.example.com and example.com are considered aligned). In this case, the company's DMARC record has a DKIM alignment tag value of r, which means that mailbox providers will use relaxed alignment for DKIM verification.
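The tag semantics described in the Q97 explanation, as an added example that is not part of the original page: a small DMARC TXT record parser that reports why a record with p=none leaves spoofed mail deliverable. The sample records are constructed for illustration.

```python
"""Parse a DMARC TXT record and explain its effective enforcement.
Added example, not from the original page; sample records are constructed."""


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict (tags lower-cased, values stripped)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return findings that explain why failing mail may still be delivered."""
    tags = parse_dmarc(record)
    findings = []
    # Receivers only honour records whose version tag is exactly DMARC1.
    if tags.get("v") != "DMARC1":
        findings.append("version tag must be exactly DMARC1 or receivers ignore the record")
    policy = tags.get("p")
    if policy is None:
        findings.append("policy tag p= is missing; the record is invalid")
    elif policy == "none":
        # Monitoring only: failing messages are delivered and merely reported.
        findings.append("p=none: failing mail is delivered and only reported")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"unknown policy value {policy!r}")
    # Alignment tags default to relaxed (r) when absent; only r or s are valid.
    for tag in ("adkim", "aspf"):
        mode = tags.get(tag, "r")
        if mode not in ("r", "s"):
            findings.append(f"{tag}={mode!r} is not a valid alignment mode")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be received")
    return findings


# Constructed records: the weak one mirrors the Q97 scenario, the second is the fix.
WEAK_RECORD = "v=DMARC1; p=none; adkim=r; rua=mailto:dmarc@example.com"
FIXED_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for rec in (WEAK_RECORD, FIXED_RECORD):
        print(rec, "->", assess_dmarc(rec) or ["enforcing"])
```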
Q98.
A security analyst is reviewing a report from the networking department that describes an increase in network utilization, which is causing network performance issues on some systems. A top talkers report over a five-minute sample is included. Given the above output of the sample, which of the following should the security analyst accomplish FIRST to help track down the performance issues?

A. Perform reverse lookups on each of the IP addresses listed to help determine if the traffic is necessary.
B. Recommend that networking block the unneeded protocols such as QuickTime to clear up some of the congestion.
C. Put ACLs in place to restrict traffic destined for random or non-default application ports.
D. Quarantine the top talker on the network and begin to investigate any potential threats caused by the excessive traffic.

Q99.
The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?

A. Peer code reviews
B. Regression testing
C. User acceptance testing
D. Fuzzing
E. Static code analysis

Q100.
A security analyst is reviewing the network security monitoring logs listed below:

Which of the following is the analyst MOST likely observing? (Select TWO.)

A. 10.1.1.128 sent malicious requests, and the alert is a false positive.
B. 10.1.1.129 sent potential malicious requests to the web server.
C. 10.1.1.129 sent non-malicious requests, and the alert is a false positive.
D. 10.1.1.128 sent potential malicious traffic to the web server.
E. 10.1.1.129 successfully exploited a vulnerability on the web server.

Q101.
During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors.
After extracting the strings, the analyst finds unexpected content. Which of the following is the NEXT step the analyst should take?

A. Only allow whitelisted binaries to execute.
B. Run an antivirus against the binaries to check for malware.
C. Use file integrity monitoring to validate the digital signature.
D. Validate the binaries' hashes from a trusted source.

Q102.
As part of an organization's information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?

A. Conduct a risk assessment based on the controls defined in the newly revised policies
B. Require all employees to attend updated security awareness training and sign an acknowledgement
C. Post the policies on the organization's intranet and provide copies of any revised policies to all active vendors
D. Distribute revised copies of policies to employees and obtain a signed acknowledgement from them

Q103.
You are a penetration tester who is reviewing the system hardening guidelines for a company. The hardening guidelines indicate the following:
- There must be one primary server or service per device.
- Only default ports should be used.
- Non-secure protocols should be disabled.
- The corporate internet presence should be placed in a protected subnet.

Instructions: Using the available tools, discover devices on the corporate network and the services running on these devices. You must determine:
- the IP address of each device
- the primary server or service on each device
- the protocols that should be disabled based on the hardening guidelines

Answer: see the answer images in the explanation below (not included in this export).

Q104.
A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page.
After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication. Which of the following will remediate this software vulnerability?

A. Enforce unique session IDs for the application.
B. Deploy a WAF in front of the web application.
C. Check for and enforce the proper domain for the redirect.
D. Use a parameterized query to check the credentials.
E. Implement email filtering with anti-phishing protection.

Q105.
A company uses an FTP server to support its critical business functions. The FTP server is configured as follows:
* The FTP service is running with the data directory configured in /opt/ftp/data.
* The FTP server hosts employees' home directories in /home.
* Employees may store sensitive information in their home directories.

An IoC revealed that an FTP directory traversal attack resulted in sensitive data loss. Which of the following should a server administrator implement to reduce the risk of current and future directory traversal attacks targeted at the FTP server?

A. Implement file-level encryption of sensitive files
B. Reconfigure the FTP server to support FTPS
C. Run the FTP server in a chroot environment
D. Upgrade the FTP server to the latest version

Explanation: Running the FTP server in a chroot environment would limit the FTP server's access to a specific directory tree and prevent directory traversal attacks that could access files outside of that tree. Implementing file-level encryption, supporting FTPS, or upgrading the FTP server would not prevent directory traversal attacks.

Q106.
A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT. Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?
A. Attack vectors
B. Adversary capability
C. Diamond Model of Intrusion Analysis
D. Kill chain
E. Total attack surface

Reference: https://www.secureworks.com/blog/advanced-persistent-threats-apt-b

Q107.
A security analyst has received reports of very slow, intermittent access to a public-facing corporate server. Suspecting the system may be compromised, the analyst runs the following commands:

Based on the output from the above commands, which of the following should the analyst do NEXT to further the investigation?

A. Run crontab -r; rm -rf /tmp/.t to remove and disable the malware on the system.
B. Examine the server logs for further indicators of compromise of a web application.
C. Run kill -9 1325 to bring the load average down so the server is usable again.
D. Perform a binary analysis on the /tmp/.t/t file, as it is likely to be a rogue SSHD server.

Q108.
A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?

A. True positive
B. True negative
C. False positive
D. False negative

Q109.
A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of the following would be BEST to implement to alleviate the CISO's concern?

A. DLP
B. Encryption
C. Test data
D. NDA

Q110.
Approximately 100 employees at your company have received a phishing email. As a security analyst, you have been tasked with handling this situation.

INSTRUCTIONS
Review the information provided and determine the following:
1. How many employees clicked on the link in the phishing email?
2. On how many workstations was the malware installed?
3. What is the executable file name of the malware?

Select the answers as per the diagram below.

Q111.
A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?

A. Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.
B. Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
C. Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
D. Make sure the scan is credentialed, uses a limited plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.

Q112.
An analyst is responding to an incident involving an attack on a company-owned mobile device that was being used by an employee to collect data from clients in the field. Malware was loaded on the device via the installation of a third-party software package. The analyst has baselined the device. Which of the following should the analyst do to BEST mitigate future attacks?

A. Implement MDM
B. Update the malware catalog
C. Patch the mobile device's OS
D. Block third-party applications

Explanation: Blocking third-party applications would be the best way to mitigate future attacks on company-owned mobile devices that are used by employees to collect data from clients in the field. Third-party applications are applications that are not developed or authorized by the device manufacturer or operating system provider.
Third-party applications can pose a security risk for mobile devices, as they may contain malware, spyware, or other malicious code that can compromise the device or its data. Blocking third-party applications can help prevent employees from installing unauthorized or untrusted applications on company-owned mobile devices and reduce the attack surface.

Q113.
An analyst is examining a system that is suspected of being involved in an intrusion. The analyst uses the command `cat /etc/passwd` and receives the following partial output:

Based on the above output, which of the following should the analyst investigate further?

A. User `daemon` should not have a home directory of /usr/sbin
B. User `root` should not have a home directory of /root
C. User `news` should not have a default shell of /bin/bash
D. User `mail` should not have a default shell of /usr/sbin/nologin

CS0-002 Practice Test Give You First Time Success with 100% Money Back Guarantee!: https://www.examslabs.com/CompTIA/CompTIA-CySA/best-CS0-002-exam-dumps.html

Post date: 2024-05-18 10:31:56