Free CS0-002 Questions for CompTIA Cybersecurity Analyst (CySA+) Certification CS0-002 Exam as PDF & Practice Test Engine
A vulnerability assessment solution is hosted in the cloud This solution will be used as an accurate inventory data source for both the configuration management database and the governance nsk and compliance tool An analyst has been asked to automate the data acquisition Which of the following would be the BEST way to acqutre the data'
Correct Answer: D
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
An incident response plan requires systems that contain critical data to be triaged first in the event of a compromise. Which of the following types of data would most likely be classified as critical?
Correct Answer: D
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
A security analyst is concerned about sensitive data living on company file servers following a zero-day attack that nearly resulted in a breach of millions of customer records. The after action report indicates a lack of controls around the file servers that contain sensitive dat a. Which of the following DLP considerations would best help the analyst to classify and address the sensitive data on the file servers?
Correct Answer: B
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
An internally developed file-monitoring system identified the following except as causing a program to crash often:

Which of the following should a security analyst recommend to fix the issue?

Which of the following should a security analyst recommend to fix the issue?
Correct Answer: B
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
A security analyst is reviewing WAF logs and notes requests against the corporate website are increasing and starting to impact the performance of the web server. The security analyst queries the logs for requests that triggered an alert on the WAF but were not blocked. Which of the following possible TTP combinations might warrant further investigation? (Select TWO).
Correct Answer: D,F
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
A user receives a potentially malicious attachment that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would most likely indicate if the email is malicious?
Correct Answer: C
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions. the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
* Successful administrator login reporting priority - high
* Failed administrator login reporting priority - medium
* Failed temporary elevated permissions - low
* Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following:
Which of the following events is the HIGHEST reporting priority?

* Successful administrator login reporting priority - high
* Failed administrator login reporting priority - medium
* Failed temporary elevated permissions - low
* Successful temporary elevated permissions - non-reportable
A security analyst is reviewing server syslogs and sees the following:
Which of the following events is the HIGHEST reporting priority?

Correct Answer: B
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?
Correct Answer: C
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
A company has Detected a large number of tailed login attempts on its network A security analyst is investigating the network's activity logs to establish a pattern of behavior. Which of the following techniques should the analyst use to analyze the increase in failed login attempts?
Correct Answer: D
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Which of the following describes the difference between intentional and unintentional insider threats'?
Correct Answer: C
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Which of the following organizational initiatives would be MOST impacted by data severighty issues?
Correct Answer: B
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
An organization is adopting loT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far. leaving hardware-related weaknesses open to compromise. Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?
Correct Answer: A
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance?
Correct Answer: D
Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
0
0
0
10
