Far Out CompTIA Cybersecurity Analyst (CySA+) Certification Exam CS0-002 Exam

Free CS0-002 dumps questions:

NEW QUESTION 1
A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:
CS0-002 dumps exhibit
Which of the following describes the output of this scan?

  • A. The analyst has discovered a False Positive, and the status code is incorrect providing an OK message.
  • B. The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.
  • C. The analyst has discovered a True Positive, and the status code is incorrect providing a forbidden message.
  • D. The analyst has discovered a False Positive, and the status code is incorrect providing a server error message.

Answer: B

NEW QUESTION 2
A security analyst is investigating a system compromise. The analyst verifies the system was up to date on OS patches at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely exploited?

  • A. Insider threat
  • B. Buffer overflow
  • C. Advanced persistent threat
  • D. Zero day

Answer: D

NEW QUESTION 3
A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.
Which of the following solutions would meet this requirement?

  • A. Establish a hosted SSO.
  • B. Implement a CASB.
  • C. Virtualize the server.
  • D. Air gap the server.

Answer: D

NEW QUESTION 4
An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization. The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message. In addition to retraining the employee, which of the following would prevent this from happening in the future?

  • A. Implement outgoing filter rules to quarantine messages that contain card data.
  • B. Configure the outgoing mail filter to allow attachments only to addresses on the whitelist.
  • C. Remove all external recipients from the employee's address book.
  • D. Set the outgoing mail filter to strip spreadsheet attachments from all messages.

Answer: B

NEW QUESTION 5
A security manager has asked an analyst to provide feedback on the results of a penetration test. After reviewing the results, the manager requests information regarding the possible exploitation of vulnerabilities. Which of the following data points would be MOST useful for the analyst to provide to the security manager, who would then communicate the risk factors to senior management? (Select TWO)

  • A. Probability
  • B. Adversary capability
  • C. Attack vector
  • D. Impact
  • E. Classification
  • F. Indicators of compromise

Answer: AD

NEW QUESTION 6
Which of the following MOST accurately describes an HSM?

  • A. An HSM is a low-cost solution for encryption.
  • B. An HSM can be network based or a removable USB.
  • C. An HSM is slower at encrypting than software.
  • D. An HSM is explicitly used for MFA.

Answer: A

NEW QUESTION 7
A large amount of confidential data was leaked during a recent security breach. As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.
Which of the following should be used to identify the traffic?

  • A. Carving
  • B. Disk imaging
  • C. Packet analysis
  • D. Memory dump
  • E. Hashing

Answer: C

NEW QUESTION 8
A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features.
Which of the following should be done to prevent this issue from reoccurring?

  • A. Ensure both power supplies on the SAN are serviced by separate circuits, so that if one circuit goes down, the other remains powered.
  • B. Install additional batteries in the SAN power supplies with enough capacity to keep the system powered on during maintenance operations.
  • C. Ensure power configuration is covered in the datacenter change management policy and have the SAN administrator review this policy.
  • D. Install a third power supply in the SAN so loss of any power input does not result in the SAN completely powering off.

Answer: A

NEW QUESTION 9
Which of the following BEST articulates the benefit of leveraging SCAP in an organization’s cybersecurity analysis toolset?

  • A. It automatically performs remedial configuration changes to enterprise security services
  • B. It enables standard checklist and vulnerability analysis expressions for automation
  • C. It establishes a continuous integration environment for software development operations
  • D. It provides validation of suspected system vulnerabilities through workflow orchestration

Answer: B

NEW QUESTION 10
An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel’s familiarity with incident response procedures?

  • A. A simulated breach scenario involving the incident response team
  • B. Completion of annual information security awareness training by all employees
  • C. Tabletop activities involving business continuity team members
  • D. Completion of lessons-learned documentation by the computer security incident response team
  • E. External and internal penetration testing by a third party

Answer: A

NEW QUESTION 11
A cybersecurity analyst is responding to an incident. The company’s leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

  • A. Intelligence cycle
  • B. Diamond Model of Intrusion Analysis
  • C. Kill chain
  • D. MITRE ATT&CK

Answer: B

NEW QUESTION 12
An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.
Which of the following can be inferred from this activity?

  • A. 10.200.2.0/24 is infected with ransomware.
  • B. 10.200.2.0/24 is not routable address space.
  • C. 10.200.2.5 is a rogue endpoint.
  • D. 10.200.2.5 is exfiltrating data.

Answer: D

NEW QUESTION 13
Which of the following should be found within an organization's acceptable use policy?

  • A. Passwords must be eight characters in length and contain at least one special character.
  • B. Customer data must be handled properly, stored on company servers, and encrypted when possible
  • C. Administrator accounts must be audited monthly, and inactive accounts should be removed.
  • D. Consequences of violating the policy could include discipline up to and including termination.

Answer: D

NEW QUESTION 14
Which of the following software assessment methods would be BEST for gathering data related to an application’s availability during peak times?

  • A. Security regression testing
  • B. Stress testing
  • C. Static analysis testing
  • D. Dynamic analysis testing
  • E. User acceptance testing

Answer: B

NEW QUESTION 15
A security analyst discovered a specific series of IP addresses that are targeting an organization. None of the attacks have been successful. Which of the following should the security analyst perform NEXT?

  • A. Begin blocking all IP addresses within that subnet.
  • B. Determine the attack vector and total attack surface.
  • C. Begin a kill chain analysis to determine the impact.
  • D. Conduct threat research on the IP addresses

Answer: D

NEW QUESTION 16
Which of the following will allow different cloud instances to share various types of data with a minimal amount of complexity?

  • A. Reverse engineering
  • B. Application log collectors
  • C. Workflow orchestration
  • D. API integration
  • E. Scripting

Answer: D

NEW QUESTION 17
As part of a review of modern response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?

  • A. Organizational policies
  • B. Vendor requirements and contracts
  • C. Service-level agreements
  • D. Legal requirements

Answer: D

NEW QUESTION 18
An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment. One of the primary concerns is exfiltration of data by malicious insiders. Which of the following controls is the MOST appropriate to mitigate risks?

  • A. Data deduplication
  • B. OS fingerprinting
  • C. Digital watermarking
  • D. Data loss prevention

Answer: D

NEW QUESTION 19
Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?

  • A. Reverse engineering
  • B. Fuzzing
  • C. Penetration testing
  • D. Network mapping

Answer: C

NEW QUESTION 20
During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation. Which of the following would cause the analyst to further review the incident?
A)
CS0-002 dumps exhibit
B)
CS0-002 dumps exhibit
C)
CS0-002 dumps exhibit
D)
CS0-002 dumps exhibit
E)
CS0-002 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
  • E. Option E

Answer: D

NEW QUESTION 21
......

P.S. Certleader is now offering CS0-002 dumps with a 100% pass guarantee! All CS0-002 exam questions have been updated with correct answers: https://www.certleader.com/CS0-002-dumps.html (186 New Questions)