Valentine Day Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CompTIA CS0-002 Dumps

Page: 1 / 28
Total 372 questions

CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Question 1

Which of the following factors would determine the regulations placed on data under data sovereignty laws?

Options:

A.

What the company intends to do with the data it owns

B.

The company's data security policy

C.

The type of data the company stores

D.

The data laws of the country in which the company is located

Question 2

A development team recently released a new version of a public-facing website for testing prior to production. The development team is soliciting the help of various teams to validate the functionality of the website due to its high visibility. Which of the following activities best describes the process the development team is initiating?

Options:

A.

Static analysis

B.

Stress testing

C.

Code review

D.

User acceptance testing

Question 3

Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the best solution to improve the equipment's security posture?

Options:

A.

Move the legacy systems behind a WAR

B.

Implement an air gap for the legacy systems.

C.

Place the legacy systems in the perimeter network.

D.

Implement a VPN between the legacy systems and the local network.

Question 4

A security analyst implemented a solution that would analyze the attacks that the organization's firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:

$ sudo nc —1 —v —e maildaemon.py 25 > caplog.txt

Which of the following solutions did the analyst implement?

Options:

A.

Log correlation

B.

Crontab mail script

C.

Sinkhole

D.

Honeypot

Question 5

A security analyst sees the following OWASP ZAP output from a scan that was performed against a modern version of Windows while testing for client-side vulnerabilities:

Which of the following is the MOST likely solution to the listed vulnerability?

Options:

A.

Enable the browser's XSS filter.

B.

Enable Windows XSS protection

C.

Enable the browser's protected pages mode

D.

Enable server-side XSS protection

Question 6

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issue firewall. Which following actions would help during the forensic analysis of the mobile device? (Select TWO).

Options:

A.

Resetting the phone to factory settings

B.

Rebooting the phone and installing the latest security updates

C.

Documenting the respective chain of custody

D.

Uninstalling any potentially unwanted programs

E.

Performing a memory dump of the mobile device for analysis

F.

Unlocking the device by blowing the eFuse

Question 7

After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

Options:

A.

Header analysis

B.

File carving

C.

Metadata analysis

D.

Data recovery

Question 8

A security analyst performed a targeted system vulnerability scan to obtain critical information. After the output result, the analyst used the OVAL XML language to review and calculate the discovered risk. Which of the following types of scans did the security analyst perform?

Options:

A.

Active

B.

Network map

C.

Passive

D.

External

Question 9

A Chief Executive Officer (CEO) is concerned the company will be exposed to data sovereignty issues as a result of some new privacy regulations to help mitigate this risk. The Chief Information Security Officer (CISO) wants to implement an appropriate technical control. Which of the following would meet the requirement?

Options:

A.

Data masking procedures

B.

Enhanced encryption functions

C.

Regular business impact analysis functions

D.

Geographic access requirements

Question 10

A security analyst is analyzing the following output from the Spider tab of OWASP ZAP after a vulnerability scan was completed:

Which of the following options can the analyst conclude based on the provided output?

Options:

A.

The scanning vendor used robots to make the scanning job faster

B.

The scanning job was successfully completed, and no vulnerabilities were detected

C.

The scanning job did not successfully complete due to an out of scope error

D.

The scanner executed a crawl process to discover pages to be assessed

Question 11

A routine vulnerability scan detected a known vulnerability in a critical enterprise web application. Which of the following would be the BEST next step?

Options:

A.

Submit a change request to have the system patched

B.

Evaluate the risk and criticality to determine it further action is necessary

C.

Notify a manager of the breach and initiate emergency procedures.

D.

Remove the application from production and Inform the users.

Question 12

An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts A security analyst has created a script to snapshot the system configuration each day. Following iss one of the scripts:

This script has been running successfully every day. Which of the following commands would provide the analyst with additional useful information relevant to the above script?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 13

An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:

Which of the following ports should be closed?

Options:

A.

22

B.

80

C.

443

D.

1433

Question 14

A security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment. Which of the following is the BEST recommendation?

Options:

A.

Require users to sign NDAs

B.

Create a data minimization plan.

C.

Add access control requirements.

D.

Implement a data loss prevention solution.

Question 15

The security team decides to meet informally to discuss and test the response plan for potential security breaches and emergency situations. Which of the following types of training will the security team perform?

Options:

A.

Tabletop exercise

B.

Red-team attack

C.

System assessment implementation

D.

Blue-team training

E.

White-team engagement

Question 16

An organization wants to move non-essential services into a cloud computing environment. The management team has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work best to attain the desired outcome?

Options:

A.

Duplicate all services in another instance and load balance between the instances.

B.

Establish a hot site with active replication to another region within the same cloud provider.

C.

Set up a warm disaster recovery site with the same cloud provider in a different region.

D.

Configure the systems with a cold site at another cloud provider that can be used for failover.

Question 17

While reviewing system logs, a network administrator discovers the following entry:

Which of the following occurred?

Options:

A.

An attempt was made to access a remote workstation.

B.

The PsExec services failed to execute.

C.

A remote shell failed to open.

D.

A user was trying to download a password file from a remote system.

Question 18

Several operator workstations are exhibiting unusual behavior, including applications loading slowly, temporary files being overwritten, and reboot notifications to apply antivirus signatures. During an investigation, an analyst finds evidence of Bitcoin mining. Which of the following is the first step the analyst should take to prevent further spread of the mining operation?

Options:

A.

Reboot each host that is exhibiting the behaviors.

B.

Enable the host-based firewalls to prevent further activity.

C.

Quarantine all the impacted hosts for forensic analysis.

D.

Notify users to turn off all affected devices.

Question 19

A company wants to ensure a third party does not take intellectual property and build a competing product. Which of the following is a non-technical data and privacy control that would best protect the company?

Options:

A.

Data encryption

B.

A non-disclosure agreement

C.

Purpose limitation

D.

Digital rights management

Question 20

A company is required to monitor for unauthorized changes to baselines on all assets to comply with industry regulations. Two of the remote units did not recover after scans were performed on the assets. An analyst needs to recommend a solution to prevent recurrence. Which of the following is the best way to satisfy the regulatory requirement without impacting the availability to similar assets and creating an unsustainable process?

Options:

A.

Manually review the baselines daily and document the results in a change history log

B.

Document exceptions with compensating controls to demonstrate the risk mitigation efforts.

C.

Implement a new scanning technology to satisfy the monitoring requirement and train the team.

D.

Purchase new remote units from other vendors with a proven ability to support scanning requirements.

Question 21

A security analyst is reviewing malware files without running them. Which of the following analysis types is the security analyst using?

Options:

A.

Dynamic

B.

Sandbox

C.

Static

D.

Heuristic

Question 22

A forensic examiner is investigating possible malware compromise on an active endpoint device. Which of the following steps should the examiner perform first?

Options:

A.

Verify the hash value of the image with the value of the copy.

B.

Use a write blocker to create an image of the hard drive.

C.

Create a memory dump from RAM.

D.

Download and apply the latest AV signature.

E.

Reimage the hard drive and apply the latest updates.

Question 23

A security analyst needs to recommend the best approach to test a new application that simulates abnormal user behavior to find software bugs. Which of the following would best accomplish this task?

Options:

A.

A static analysis to find libraries with flaws handling user inputs

B.

A dynamic analysis using a dictionary to simulate user inputs

C.

Reverse engineering to circumvent software protections

D.

Fuzzing tools with polymorphic methods

Question 24

A security analyst is reviewing a firewall usage report that contains traffic generated over the last 30 minutes in order to locate unusual traffic patterns:

Which of the following source IP addresses does the analyst need to investigate further?

Options:

A.

10.18.76.179

B.

10.50.180.49

C.

192.168.48.147

D.

192.168.100.5

Question 25

A company's Chief Information Officer wants to use a CASB solution to ensure policies are being met during cloud access. Due to the nature of the company's business and risk appetite, the management team elected to not store financial information in the cloud. A security analyst needs to recommend a solution to mitigate the threat of financial data leakage into the cloud. Which of the following should the analyst recommend?

Options:

A.

Utilize the CASB to enforce DLP data-at-rest protection for financial information that is stored on premises.

B.

Do not utilize the CASB solution for this purpose, but add DLP on premises for data in motion.

C.

Utilize the CASB to enforce DLP data-in-motion protection for financial information moving to the cloud.

D.

Do not utilize the CASB solution for this purpose, but add DLP on premises for data at rest.

Question 26

A Chief Information Security Officer has requested a security measure be put in place to redirect certain traffic on the network. Which of the following would best resolve this issue?

Options:

A.

Sinkholing

B.

Blocklisting

C.

Geoblocking

D.

Sandboxing

Question 27

While going through successful malware cleanup logs, an analyst notices an old worm that has been replicating itself across the company's network Reinfection of the malware can be prevented with a patch; however, most of the affected systems cannot be patched because the patch would make the system unstable. Which of the following should the analyst recommend to best prevent propagation of the malware throughout the network?

Options:

A.

Segmenting the network to include all legacy systems

B.

Placing vulnerable devices behind a firewall

C.

Scanning the entire network for malware weekly

D.

Patching systems when possible and monitoring the rest of them

Question 28

An analyst is reviewing registry keys for signs of possible compromise. The analyst observes the following entries:

Which of the following entries should the analyst investigate first?

Options:

A.

IAStorIcon

B.

Quickset

C.

SecurityHeaIth

D.

calc

E.

Word

Question 29

During a risk assessment, a senior manager inquires about what the cost would be if a unique occurrence would impact the availability of a critical service. The service generates $1 ,000 in revenue for the organization. The impact of the attack would affect 20% of the server's capacity to perform jobs. The organization expects that five out of twenty attacks would succeed during the year. Which of the following is the calculated single loss expectancy?

Options:

A.

$200

B.

$800

C.

$5,000

D.

$20,000

Question 30

An organization is developing software to match customers' expectations. Before the software goes into production, it must meet the following quality assurance guidelines

• Uncover all the software vulnerabilities.

• Safeguard the interest of the software's end users.

• Reduce the likelihood that a defective program will enter production.

• Preserve the Interests of me software producer

Which of me following should be performed FIRST?

Options:

A.

Run source code against the latest OWASP vulnerabilities.

B.

Document the life-cycle changes that look place.

C.

Ensure verification and vacation took place during each phase.

D.

Store the source code in a s oftware escrow.

E.

Conduct a static analysis of the code.

Question 31

An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Select TWO).

Options:

A.

Resetting the phone to factory settings

B.

Rebooting the phone and installing the latest security updates

C.

Documenting the respective chain of custody

D.

Uninstalling any potentially unwanted programs

E.

Performing a memory dump of the mobile device for analysis

F.

Unlocking the device by browsing the eFuse

Question 32

During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the best way to locate this issue?

Options:

A.

Reduce the session timeout threshold

B.

Deploy MFA for access to the web server.

C.

Implement input validation.

D.

Run a dynamic code analysis.

Question 33

Which of the following is a vulnerability associated with the Modbus protocol?

Options:

A.

Weak encryption

B.

Denial of service

C.

Unchecked user input

D.

Lack of authentication

Question 34

An analyst is responding to an incident within a cloud infrastructure Based on the logs and traffic analysis, the analyst thinks a container has been compromised Which of the following should Ihe analyst do FIRST?

Options:

A.

Perform threat hunting in other areas of the cloud infrastructure

B.

Contact law enforcement to report the incident

C.

Perform a root cause analysis on the container and the service logs

D.

Isolate the container from production using a predefined policy template

Question 35

A software developer is correcting the error-handling capabilities of an application following the initial coding of the fix. Which of the following would the software developer MOST likely performed to validate the code poor to pushing it to production?

Options:

A.

Web-application vulnerability scan

B.

Static analysis

C.

Packet inspection

D.

Penetration test

Question 36

A security analyst notices the following proxy log entries:

Which of the following is the user attempting to do based on the log entries?

Options:

A.

Use a DoS attack on external hosts.

B.

Exfiltrate data.

C.

Scan the network.

D.

Relay email.

Question 37

A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?

Options:

A.

Perform static code analysis.

B.

Require application fuzzing.

C.

Enforce input validation.

D.

Perform a code review.

Question 38

A security analyst is correlating, ranking, and enriching raw data into a report that will be interpreted by humans or machines to draw conclusions and create actionable recommendations Which of the following steps in the intelligence cycle is the security analyst performing?

Options:

A.

Analysis and production

B.

Processing and exploitation

C.

Dissemination and evaluation

D.

Data collection

E.

Planning and direction

Question 39

Which of the following can detect vulnerable third-parly libraries before code deployment?

Options:

A.

Impact analysis

B.

Dynamic analysis

C.

Static analysis

D.

Protocol analysis

Question 40

Which of the following organizational initiatives would be MOST impacted by data severighty issues?

Options:

A.

Moving to a cloud-based environment

B.

Migrating to locally hosted virtual servers

C.

Implementing non-repudiation controls

D.

Encrypting local database queries

Question 41

A company is aiming to test a new incident response plan. The management team has made it clear that the initial test should have no impact on the environment. The company has limited

resources to support testing. Which of the following exercises would be the best approach?

Options:

A.

Tabletop scenarios

B.

Capture the flag

C.

Red team vs. blue team

D.

Unknown-environment penetration test

Question 42

Company A is m the process of merging with Company B As part of the merger, connectivity between the ERP systems must be established so portent financial information can be shared between the two entitles. Which of the following will establish a more automated approach to secure data transfers between the two entities?

Options:

A.

Set up an FTP server that both companies can access and export the required financial data to a folder.

B.

Set up a VPN between Company A and Company B. granting access only lo the ERPs within the connection

C.

Set up a PKI between Company A and Company B and Intermediate shared certificates between the two entities

D.

Create static NATs on each entity's firewalls that map lo the ERP systems and use native ERP authentication to allow access.

Question 43

A security analyst who works in the SOC receives a new requirement to monitor for indicators of compromise. Which of the following is the first action the analyst should take in this situation?

Options:

A.

Develop a dashboard to track the indicators of compromise.

B.

Develop a query to search for the indicators of compromise.

C.

Develop a new signature to alert on the indicators of compromise.

D.

Develop a new signature to block the indicators of compromise.

Question 44

A vulnerability scanner has identified an out-of-support database software version running on a server. The software update will take six to nine months to complete. The management team has agreed to a one-year extended support contract with the software vendor. Which of the following BEST describes the risk treatment in this scenario?

Options:

A.

The extended support mitigates any risk associated with the software.

B.

The extended support contract changes this vulnerability finding to a false positive.

C.

The company is transferring the risk for the vulnerability to the software vendor.

D.

The company is accepting the inherent risk of the vulnerability.

Question 45

An organizational policy requires one person to input accounts payable and another to do accounts receivable. A separate control requires one person to write a check and another person to sign all checks greater than $5,000 and to get an additional signature for checks greater than $10,000. Which of the following controls has the organization implemented?

Options:

A.

Segregation of duties

B.

Job rotation

C.

Non-repudiaton

D.

Dual control

Question 46

A cybersecurity analyst routinely checks logs, querying for login attempts. While querying for unsuccessful login attempts during a five-day period, the analyst produces the following report:

Which of the following BEST describes what the analyst Just found?

Options:

A.

Users 4 and 5 are using their credentials to transfer files to multiple servers.

B.

Users 4 and 5 are using their credentials to run an unauthorized scheduled task targeting some servers In the cloud.

C.

An unauthorized user is using login credentials in a script.

D.

A bot is running a brute-force attack in an attempt to log in to the domain.

Question 47

A company frequently expenences issues with credential stuffing attacks Which of the following is the BEST control to help prevent these attacks from being successful?

Options:

A.

SIEM

B.

IDS

C.

MFA

D.

TLS

Question 48

After a remote command execution incident occurred on a web server, a security analyst found the following piece of code in an XML file:

Which of the following it the BEST solution to mitigate this type of attack?

Options:

A.

Implement a better level of user input filters and content sanitization.

B.

Property configure XML handlers so they do not process sent parameters coming from user inputs.

C.

Use parameterized Queries to avoid user inputs horn being processed by the server.

D.

Escape user inputs using character encoding conjoined with whitelisting

Question 49

A company employee downloads an application from the internet. After the installation, the employee begins experiencing noticeable performance issues, and files are appearing on the desktop.

Which of the following processes will the security analyst Identify as the MOST likely indicator of system compromise given the processes running in Task Manager?

Options:

A.

Chrome.exe

B.

Word.exe

C.

Explorer.exe

D.

mstsc.exe

E.

taskmgr.exe

Question 50

An organization is required to be able to consume multiple threat feeds simultaneously and to provide actionable intelligence to various teams. The organization would also like to be able to leverage the intelligence to enrich security event data. Which of the following functions would most likely help the security analyst meet the organization's requirements?

Options:

A.

Vulnerability management

B.

Risk management

C.

Detection and monitoring

D.

Incident response

Question 51

A SIEM analyst receives an alert containing the following URL:

Which of the following BEST describes the attack?

Options:

A.

Password spraying

B.

Buffer overflow

C.

insecure object access

D.

Directory traversal

Question 52

A security analyst is concerned the number of security incidents being reported has suddenly gone down. Daily business interactions have not changed, and no following should the analyst review FIRST?

Options:

A.

The DNS configuration

B.

Privileged accounts

C.

The IDS rule set

D.

The firewall ACL

Question 53

An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to at the use of the cloud hosted hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability?

Options:

A.

Sandbox the virtual machine.

B.

Implement an MFA solution.

C.

Update lo the secure hypervisor version.

D.

Implement dedicated hardware for each customer.

Question 54

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

Options:

A.

Security regression testing

B.

Code review

C.

User acceptance testing

D.

Stress testing

Question 55

A company is building a new internal network. Instead of creating new credentials, the company wants to streamline each employee's authentication. Which of the following technologies would best fulfill this requirement?

Options:

A.

VPN

B.

SSO

C.

SAML

D.

MFA

Question 56

An organization is focused on restructuring its data governance programs and an analyst has been Tasked with surveying sensitive data within the organization. Which of the following is the MOST accurate method for the security analyst to complete this assignment?

Options:

A.

Perform an enterprise-wide discovery scan.

B.

Consult with an internal data custodian.

C.

Review enterprise-wide asset Inventory.

D.

Create a survey and distribute it to data owners.

Question 57

Which of the following is the best method to ensure secure boot UEFI features are enabled to prevent boot malware?

Options:

A.

Enable secure boot in the hardware and reload the operating system.

B.

Reconfigure the system's MBR and enable NTFS.

C.

Set I-JEFI to legacy mode and enable security features.

D.

Convert the legacy partition table to UEFI and repair the operating system.

Question 58

A security analyst is reviewing vulnerability scans from an organization's internet-facing web services. The following is from an output file called ssl-test_webapps.comptia.org:

Which of the following lines from this output most likely indicates that attackers could quickly use brute force and determine the negotiated secret session key?

Options:

A.

TLS_RSA_WITH_DES_CBC_SHA 56

B.

TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (1024 bits)

C.

TLS_RSA_K1TH_A£S_256_CBC_SHA 256

D.

TLS_DHE_RSA_WITH_AES_256_GCM_SHA256 DH (2048 bits)

Question 59

A new variant of malware is spreading on the company network using TCP 443 to contact its command-and-control server The domain name used for callback continues to change, and the analyst is unable to predict future domain name variance Which of the following actions should the analyst take to stop malicious communications with the LEAST disruption to service?

Options:

A.

Implement a sinkhole with a high entropy level

B.

Disable TCP/53 at the parameter firewall

C.

Block TCP/443 at the edge router

D.

Configure the DNS forwarders to use recursion

Question 60

A security is reviewing a vulnerability scan report and notes the following finding:

As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

Options:

A.

Patch or reimage the device to complete the recovery

B.

Restart the antiviruses running processes

C.

Isolate the host from the network to prevent exposure

D.

Confirm the workstation's signatures against the most current signatures.

Question 61

During an incident response procedure, a security analyst extracted a binary file from the disk of a compromised server. Which of the following is the best approach for analyzing the file without executing it?

Options:

A.

Memory analysis

B.

Hash signature check

C.

Reverse engineering

D.

Dynamic analysis

Question 62

After a series of Group Policy Object updates, multiple services stopped functioning. The systems administrator believes the issue resulted from a Group Policy Object update but cannot validate which update caused the Issue. Which of the following security solutions would resolve this issue?

Options:

A.

Privilege management

B.

Group Policy Object management

C.

Change management

D.

Asset management

Question 63

A user receives a potentially malicious attachment that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would most likely indicate if the email is malicious?

Options:

A.

sha256sum ~/Desktop/fi1e.pdf

B.

/bin/;s -1 ~/Desktop/fi1e.pdf

C.

strings ~/Desktop/fi1e.pdf | grep -i “

D.

cat < ~/Desktop/file.pdf | grep —i .exe

Question 64

Which of the following is the BEST option to protect a web application against CSRF attacks?

Options:

A.

Update the web application to the latest version.

B.

Set a server-side rate limit for CSRF token generation.

C.

Avoid the transmission of CSRF tokens using cookies.

D.

Configure the web application to only use HTTPS and TLS 1.3.

Question 65

A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures. Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?

Options:

A.

Implement a host-file-based solution that will use a list of all domains to deny for all machines on the network.

B.

Create an IDS for the current blocklist to determine which domains are showing activity and may need to be removed

C.

Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity to the blocklist.

D.

Review the current blocklist to determine which domains can be removed from the list and then update the ACLs

Question 66

While reviewing abnormal user activity, a security analyst notices a user has the following fileshare activities:

Which of the following should the analyst do first?

Options:

A.

Initiate the security incident response process for unauthorized access.

B.

Shut down the servers while the access is investigated.

C.

Remove the user's access for all fileshares.

D.

Lock the user account until the access can be explained.

Question 67

A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also see that deployed, up-to-date antivirus signatures are ineffective. Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

Options:

A.

IDS signatures

B.

Data loss prevention

C.

Port security

D.

Sinkholing

Question 68

Which of the following is the primary reason financial institutions may share up-to-date threat intelligence information on a secure feed that is

dedicated to their sector?

Options:

A.

To augment information about common malicious actors and indicators of compromise

B.

To prevent malicious actors from knowing they can defend against malicious attacks

C.

To keep other industries from accessing information meant for financial institutions

D.

To focus on attacks specifically targeted at their customers’ mobile applications

Question 69

Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance?

Options:

A.

Trusted firmware updates provide organizations with development, compilation, remote access, and customization for embedded devices.

B.

Trusted firmware updates provide organizations with security specifications, open-source libraries, and custom toots for embedded devices.

C.

Trusted firmware updates provide organizations with remote code execution, distribution, maintenance, and extended warranties for embedded devices

D.

Trusted firmware updates provide organizations with secure code signing, distribution, installation. and attestation for embedded devices.

Question 70

Which of the following software assessment methods world peak times?

Options:

A.

Security regression testing

B.

Stress testing

C.

Static analysis testing

D.

Dynamic analysis testing

E.

User acceptance testing

Question 71

Malware is suspected on a server in the environment.

The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one Of the servers may be malware.

INSTRUCTIONS

Servers 1 , 2, and 4 are clickable. Select the Server and the process that host the malware.

Options:

Question 72

A security analyst is reviewing the following server statistics:

Which of the following Is MOST likely occurring?

Options:

A.

Race condition

B.

Privilege escalation

C.

Resource exhaustion

D.

VM escape

Question 73

Which of the following is the most effective approach to minimize the occurrence of vulnerabilities introduced by unintentional misconfigurations in the cloud?

Options:

A.

Requiring security training certification before granting access to staff

B.

Migrating all resources to a private cloud deployment

C.

Restricting changes to the deployment of validated laC templates

D.

Reducing laaS deployments by fostering serverless architectures

Question 74

A user reports a malware alert to the help desk. A technician verities the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which of the following should the security analyst do next?

Options:

A.

Document the procedures and walk through the incident training guide.

B.

Reverse engineer the malware to determine its purpose and risk to the organization.

C.

Sanitize the workstation and verify countermeasures are restored.

D.

Isolate the workstation and issue a new computer to the user.

Question 75

The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's singe internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT Department?

Options:

A.

Require the guest machines to install the corporate-owned EDR solution.

B.

Configure NAC to only allow machines on the network that are patched and have active antivirus.

C.

Place a firewall In between the corporate network and the guest network

D.

Configure the IPS with rules that will detect common malware signatures traveling from the guest network.

Question 76

To prioritize the morning's work, an analyst is reviewing security alerts that have not yet been investigated. Which of the following assets should be investigated FIRST?

Options:

A.

The workstation of a developer who is installing software on a web server

B.

A new test web server that is in the process of initial installation

C.

An accounting supervisor's laptop that is connected to the VPN

D.

The laptop of the vice president that is on the corporate LAN

Question 77

An internally developed file-monitoring system identified the following except as causing a program to crash often:

Which of the following should a security analyst recommend to fix the issue?

Options:

A.

Open the access.log file ri read/write mode.

B.

Replace the strcpv function.

C.

Perform input samtizaton

D.

Increase the size of the file data buffer

Question 78

A cyber-security analyst is implementing a new network configuration on an existing network access layer to prevent possible physical attacks. Which of the following BEST describes a solution that would apply and cause fewer issues during the deployment phase?

Options:

A.

Implement port security with one MAC address per network port of the switch.

B.

Deploy network address protection with DHCP and dynamic VLANs.

C.

Configure 802.1X and EAPOL across the network

D.

Implement software-defined networking and security groups for isolation

Question 79

An analyst is reviewing the output from some recent network enumeration activities. The following entry relates to a target on the network:

Based on the above output, which Of the following tools or techniques is MOST likely being used?

Options:

A.

Web application firewall

B.

Port triggering

C.

Intrusion prevention system

D.

Port isolation

E.

Port address translation

Question 80

A small business does not have enough staff in the accounting department to segregate duties. The controller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control?

Options:

A.

Deterrent

B.

Preventive

C.

Compensating

D.

Detective

Question 81

An organization has specific technical nsk mitigation configurations that must be implemented before a new server can be approved for production Several critical servers were recently deployed with the antivirus missing unnecessary ports disabled and insufficient password complexity Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

Options:

A.

Perform password-cracking attempts on all devices going into production

B.

Perform an Nmap scan on all devices before they are released to production

C.

Perform antivirus scans on all devices before they are approved for production

D.

Perform automated security controls testing of expected configurations pnor to production

Question 82

During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine. Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?

Options:

A.

Generate hashes for each file from the hard drive.

B.

Create a chain of custody document.

C.

Determine a timeline of events using correct time synchronization.

D.

Keep the cloned hard drive in a safe place.

Question 83

A security analyst found an old version of OpenSSH running on a DMZ server and determined the following piece of code could have led to a command execution through an integer overflow;

Which of the following controls must be in place to prevent this vulnerability?

Options:

A.

Convert all integer numbers in strings to handle the memory buffer correctly.

B.

Implement float numbers instead of integers to prevent integer overflows.

C.

Use built-in functions from libraries to check and handle long numbers properly.

D.

Sanitize user inputs, avoiding small numbers that cannot be handled in the memory.

Question 84

Which of the following is the best reason why organizations need operational security controls?

Options:

A.

To supplement areas that other controls cannot address

B.

To limit physical access to areas that contain sensitive data

C.

To assess compliance automatically against a secure baseline

D.

To prevent disclosure by potential insider threats

Question 85

Which of the following best explains why it is important for companies to implement both privacy and security policies?

Options:

A.

Private data is insecure by design, so different programs ensure both policies are addressed.

B.

Security policies will automatically ensure the data complies with privacy regulations.

C.

Privacy policies will satisfy all regulations to secure consumer and sensitive company data.

D.

Both policies have some overlap, but the differences can have regulatory consequences.

Question 86

While conoXicting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?

Options:

A.

Delete Cloud Dev access key 1

B.

Delete BusinessUsr access key 1.

C.

Delete access key 1.

D.

Delete access key 2.

Question 87

Which of the following APT adversary archetypes represent non-nation-state threat actors? (Select TWO)

Options:

A.

Kitten

B.

Panda

C.

Tiger

D.

Jackal

E.

Bear

F.

Spider

Question 88

After examine a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

Options:

A.

Header analysis

B.

File carving

C.

Metadata analysis

D.

Data recovery

Question 89

A security analyst is reviewing the following Internet usage trend report:

Which of the following usernames should the security analyst investigate further?

Options:

A.

User1

B.

User 2

C.

User 3

D.

User 4

Question 90

A social media company is planning an acquisition. Prior to the purchase, the Chief Security Officer (CSO) would like a full report to gain a better understanding of the prospective company's cybersecurity posture and to identify risks in the supply chain. Which of the following will best support the CSO's objective?

Options:

A.

Third-party assessment

B.

Memorandum of understanding

C.

Non-disclosure agreement

D.

Software source authenticity

Question 91

A company notices unknown devices connecting to the internal network and would like to implement a solution to block all non-corporate managed machines. Which of the following solutions would be best to accomplish this goal?

Options:

A.

WPA2 for W1F1 networks

B.

NAC with 802.1X implementation

C.

Extensible Authentication Protocol

D.

RADIUS with challenge/response

Question 92

A security learn implemented a SCM as part for its security-monitoring program there is a requirement to integrate a number of sources Into the SIEM to provide better context relative to the events being processed. Which of the following B€ST describes the result the security learn hopes to accomplish by adding these sources?

Options:

A.

Data enrichment

B.

Continuous integration

C.

Machine learning

D.

Workflow orchestration

Question 93

An analyst reviews the most recent vulnerability management report and notices a firewall with 99.98% required uptime is reporting different firmware versions on scans than were reported in previous scans. The vendor released new firewall firmware a few months ago. Which of the following will the analyst most likely do next given the requirements?

Options:

A.

Request to route traffic through a secondary firewall

B.

Check for change tickets.

C.

Perform a credentialed scan

D.

Request an exception to the uptime policy.

Question 94

A security operations manager wants some recommendations for improving security monitoring. The security team currently uses past events to create an IOC list for monitoring.

Which of the following is the best suggestion for improving monitoring capabilities?

Options:

A.

Update the IPS and IDS with the latest rule sets from the provider.

B.

Create an automated script to update the IPS and IDS rule sets.

C.

Use an automated subscription to select threat feeds for IDS.

D.

Implement an automated malware solution on the IPS.

Question 95

Which of the following should a database administrator for an analytics firm implement to best protect PII from an insider threat?

Options:

A.

Data deidentification

B.

Data encryption

C.

Data auditing

D.

Data minimization

Question 96

A customer notifies a security analyst that a web application is vulnerable to information disclosure The analyst needs to indicate the seventy of the vulnerability based on its CVSS score, which the analyst needs to calculate When analyzing the vulnerability the analyst realizes that tor the attack to be successful, the Tomcat configuration file must be modified Which of the following values should the security analyst choose when evaluating the CVSS score?

Options:

A.

Network

B.

Physical

C.

Adjacent

D.

Local

Question 97

A security analyst needs to determine the best method for securing access to a top-secret datacenter Along with an access card and PIN code, which of the following additional authentication methods would be BEST to enhance the datacenter's security?

Options:

A.

Physical key

B.

Retinal scan

C.

Passphrase

D.

Fingerprint

Question 98

The incident response team is working with a third-party forensic specialist to investigate the root cause of a recent intrusion An analyst was asked to submit sensitive network design details for review The forensic specialist recommended electronic delivery for efficiency but email was not an approved communication channel to send network details Which of the following BEST explains the importance of using a secure method of communication during incident response?

Options:

A.

To prevent adversaries from intercepting response and recovery details

B.

To ensure intellectual property remains on company servers

C.

To have a backup plan in case email access is disabled

D.

To ensure the management team has access to all the details that are being exchanged

Question 99

While investigating reports or issues with a web server, a security analyst attempts to log in remotely and recedes the following message:

The analyst accesses the server console, and the following console messages are displayed:

The analyst is also unable to log in on the console. While reviewing network captures for the server, the analyst sees many packets with the following signature:

Which of the following is the BEST step for the analyst to lake next in this situation?

Options:

A.

Load the network captures into a protocol analyzer to further investigate the communication with 128.30.100.23, as this may be a botnet command server

B.

After ensuring network captures from the server are saved isolate the server from the network take a memory snapshot, reboot and log in to do further analysis.

C.

Corporate data is being exfilltrated from the server Reboot the server and log in to see if it contains any sensitive data.

D.

Cryptomining malware is running on the server and utilizing an CPU and memory. Reboot the server and disable any cron Jobs or startup scripts that start the mining software.

Question 100

After running the cat file01.bin | hexdump -c command, a security analyst reviews the following output snippet:

00000000 ff d8 ft e0 00 10 4a 46 49 46 00 01 01 00 00 01 |......JFIF......|

Which of the following digital-forensics techniques is the analyst using?

Options:

A.

Reviewing the file hash

B.

Debugging the binary file

C.

Implementing file carving

D.

Verifying the file type

E.

Utilizing reverse engineering

Question 101

An organization is adopting loT devices at an increasing rate and will need to account for firmware updates in its vulnerability management programs. Despite the number of devices being deployed, the organization has only focused on software patches so far. leaving hardware-related weaknesses open to compromise. Which of the following best practices will help the organization to track and deploy trusted firmware updates as part of its vulnerability management programs?

Options:

A.

Utilize threat intelligence to guide risk evaluation activities and implement critical updates after proper testing.

B.

Apply all firmware updates as soon as they are released to mitigate the risk of compromise.

C.

Determine an annual patch cadence to ensure all patching occurs at the same time.

D.

Implement an automated solution that detects when vendors release firmware updates and immediately deploy updates to production.

Question 102

During a review of the vulnerability scan results on a server, an information security analyst notices the following:

The MOST appropriate action for the analyst to recommend to developers is to change the web server so:

Options:

A.

It only accepts TLSvl 2

B.

It only accepts cipher suites using AES and SHA

C.

It no longer accepts the vulnerable cipher suites

D.

SSL/TLS is offloaded to a WAF and load balancer

Question 103

Which of the following are the most likely reasons to include reporting processes when updating an incident response plan after a breach? (Select two).

Options:

A.

To use the SLA to determine when to deliver the report

B.

To meet regulatory requirements for timely reporting

C.

To limit reputation damage caused by the breach

D.

To remediate vulnerabilities that led to the breach

E.

To isolate potential insider threats

F.

To provide secure network design changes

Question 104

Which of the following is the BEST way to gather patch information on a specific server?

Options:

A.

Event Viewer

B.

Custom script

C.

SCAP software

D.

CI/CD

Question 105

Which of the following data exfiltration discoveries would most likely require communicating a breach to regulatory agencies?

Options:

A.

CRM data

B.

PHI files

C.

SIEM logs

D.

UEBA metrics

Question 106

A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?

Options:

A.

Insert the hard drive on a test computer and boot the computer.

B.

Record the serial numbers of both hard drives.

C.

Compare the file-directory "sting of both hard drives.

D.

Run a hash against the source and the destination.

Question 107

An analyst received an alert regarding an application spawning a suspicious command shell process Upon further investigation, the analyst observes the following registry change occurring immediately after the suspicious event:

Which of the following was the suspicious event able to accomplish?

Options:

A.

Impair defenses.

B.

Establish persistence.

C.

Bypass file access controls.

D.

Implement beaconing.

Question 108

A digital forensics investigator works from duplicate images to preserve the integrity of the original evidence. Which of the following types of media are most volatile and should be preserved? (Select two).

Options:

A.

Memory cache

B.

Registry file

C.

SSD storage

D.

Temporary filesystems

E.

Packet decoding

F.

Swap volume

Question 109

A company's domain has been spooled in numerous phishing campaigns. An analyst needs to determine the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC upon review of the record, the analyst finds the following:

Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?

Options:

A.

The DMARC record's DKIM alignment tag Is incorrectly configured.

B.

The DMARC record's policy tag is incorrectly configured.

C.

The DMARC record does not have an SPF alignment tag.

D.

The DMARC record's version tag is set to DMARC1 instead of the current version, which is DMARC3.

Question 110

An organization has a policy that requires dedicated user accounts to run programs that need elevated privileges. Users must be part of a group that allows elevated permissions. While reviewing security logs, an analyst sees the following:

Which of the following hosts violates the organizational policies?

Options:

A.

pacer

B.

ford

C.

gremlin

D.

lincoln

Question 111

Which of the following is a difference between SOAR and SCAP?

Options:

A.

SOAR can be executed taster and with fewer false positives than SCAP because of advanced heunstics

B.

SOAR has a wider breadth of capability using orchestration and automation, while SCAP is more limited in scope

C.

SOAR is less expensive because process and vulnerability remediation is more automated than what SCAP does

D.

SOAR eliminates the need for people to perform remediation, while SCAP relies heavily on security analysts

Page: 1 / 28
Total 372 questions