CompTIA CySA+ Certification Exam (CS0-002) v1.0

Page:    1 / 13   
Exam contains 201 questions

The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single Internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT department?

  • A. Require the guest machines to install the corporate-owned EDR solution
  • B. Configure NAC to only allow machines on the network that are patched and have active antivirus
  • C. Place a firewall in between the corporate network and the guest network
  • D. Configure the IPS with rules that will detect common malware signatures traveling from the guest network


Answer : B

Following a recent security breach, a company decides to investigate account usage to ensure privileged accounts are only being utilized during typical business hours. During the investigation, a security analyst determines an account was consistently utilized in the middle of the night. Which of the following actions should the analyst take NEXT?

  • A. Disable the privileged account.
  • B. Initiate the incident response plan.
  • C. Report the discrepancy to human resources.
  • D. Review the activity with the user.


Answer : D

Which of the following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Choose two.)

  • A. Message queuing telemetry transport does not support encryption.
  • B. The devices may have weak or known passwords.
  • C. The devices may cause a dramatic increase in wireless network traffic.
  • D. The devices may utilize unsecure network protocols.
  • E. Multiple devices may interfere with the functions of other IoT devices.
  • F. The devices are not compatible with TLS 1.2.


Answer : BD

In response to an audit finding, a company's Chief Information Officer (CIO) instructed the security department to increase the security posture of the vulnerability management program. Currently, the company's vulnerability management program has the following attributes:

  • It is unauthenticated.
  • It is at the minimum interval specified by the audit framework.
  • It only scans well-known ports.

Which of the following would BEST increase the security posture of the vulnerability management program?

  • A. Expand the ports being scanned to include all ports. Increase the scan interval to a number the business will accept without causing service interruption. Enable authentication and perform credentialed scans.
  • B. Expand the ports being scanned to include all ports. Keep the scan interval at its current level. Enable authentication and perform credentialed scans.
  • C. Expand the ports being scanned to include all ports. Increase the scan interval to a number the business will accept without causing service interruption. Continue unauthenticated scanning.
  • D. Continue scanning the well-known ports. Increase the scan interval to a number the business will accept without causing service interruption. Enable authentication and perform credentialed scans.


Answer : A

A financial organization has offices located globally. Per the organization's policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees this process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data.
Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?

  • A. Implement a mobile device wiping solution for use if a device is lost or stolen.
  • B. Install a DLP solution to track data flow.
  • C. Install an encryption solution on all mobile devices.
  • D. Train employees to report a lost or stolen laptop to the security department immediately.


Answer : A

A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?

  • A. Static analysis
  • B. Dynamic analysis
  • C. Regression testing
  • D. User acceptance testing


Answer : A

A security analyst inspects the header of an email that is presumed to be malicious and sees the following:


Which of the following is inconsistent with the rest of the header and should be treated as suspicious?

  • A. The use of a TLS cipher
  • B. The sender's email address
  • C. The destination email server
  • D. The subject line


Answer : B

A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised. Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?

  • A. Deploy an edge firewall.
  • B. Implement DLP.
  • C. Deploy EDR.
  • D. Encrypt the hard drives.


Answer : B

After a series of Group Policy Object updates, multiple services stopped functioning. The systems administrator believes the issue resulted from a Group Policy Object update but cannot validate which update caused the issue. Which of the following security solutions would resolve this issue?

  • A. Privilege management
  • B. Group Policy Object management
  • C. Change management
  • D. Asset management


Answer : B

Which of the following describes the main difference between supervised and unsupervised machine-learning algorithms that are used in cybersecurity applications?

  • A. Supervised algorithms can be used to block attacks, while unsupervised algorithms cannot.
  • B. Supervised algorithms require security analyst feedback, while unsupervised algorithms do not.
  • C. Unsupervised algorithms are not suitable for IDS systems, while supervised algorithms are.
  • D. Unsupervised algorithms produce more false positives than supervised algorithms.


Answer : D

The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded and has revealed a worm is spreading. Which of the following should be the NEXT step in this incident response?

  • A. Send a sample of the malware to the antivirus vendor and request urgent signature creation.
  • B. Begin deploying the new anti-malware on all uninfected systems.
  • C. Enable an ACL on all VLANs to contain each segment.
  • D. Compile a list of IoCs so the IPS can be updated to halt the spread.


Answer : A

A vulnerability assessment solution is hosted in the cloud. This solution will be used as an accurate inventory data source for both the configuration management database and the governance, risk, and compliance tool. An analyst has been asked to automate the data acquisition. Which of the following would be the BEST way to acquire the data?

  • A. CSV export
  • B. SOAR
  • C. API
  • D. Machine learning


Answer : B

Which of the following is MOST closely related to the concept of privacy?

  • A. The implementation of confidentiality, integrity, and availability
  • B. A system's ability to protect the confidentiality of sensitive information
  • C. An individual's control over personal information
  • D. A policy implementing strong identity management processes


Answer : C

An organization is focused on restructuring its data governance programs, and an analyst has been tasked with surveying sensitive data within the organization.
Which of the following is the MOST accurate method for the security analyst to complete this assignment?

  • A. Perform an enterprise-wide discovery scan.
  • B. Consult with an internal data custodian.
  • C. Review enterprise-wide asset inventory.
  • D. Create a survey and distribute it to data owners.


Answer : A

Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?

  • A. Deploying HIPS to block malicious ActiveX code
  • B. Installing network-based IPS to block malicious ActiveX code
  • C. Adjusting the web-browser settings to block ActiveX controls
  • D. Configuring a firewall to block traffic on ports that use ActiveX controls


Answer : C

Reference:
https://support.microsoft.com/en-us/windows/use-activex-controls-for-internet-explorer-11-25738d05-d357-39b4-eb2f-fdd074bbf347
