Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

CompTIA CySA+ Changed CS0-003 Questions

Page: 12 / 37
Total 487 questions

CompTIA CyberSecurity Analyst CySA+ Certification Exam Questions and Answers

Question 45

An analyst wants to track how quickly vulnerabilities are identified. Which of the following would be the best metric?

Options:

A.

KPI

B.

MTTD

C.

SLO

D.

Alert volume

Question 46

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?

Options:

A.

A mean time to remediate of 30 days

B.

A mean time to detect of 45 days

C.

A mean time to respond of 15 days

D.

Third-party application testing

Question 47

A security analyst needs to identify the devices in a critical infrastructure network that handles an oil and gas pipeline. The network has devices connected over IPv4 using either HTTP or Modbus protocols running on the standard ports. Which of the following approaches should the analyst use to achieve the objective?

Options:

A.

Employ the IT vulnerability scanner to target ports 80 and 502.

B.

Use banner grabbing with Netcat on TCP ports 80 and 502.

C.

Perform an Nmap -sS -A -p 80,502 scan.

D.

Scan the ICS network using Masscan --open-only -p80,502.

Question 48

An end-of-life date was announced for a widely used OS. A business-critical function is performed by some machinery that is controlled by a PC, which is utilizing the OS that is approaching the end-of- life date. Which of the following best describes a security analyst ' s concern?

Options:

A.

Any discovered vulnerabilities will not be remediated.

B.

An outage of machinery would cost the organization money.

C.

Support will not be available for the critical machinery

D.

There are no compensating controls in place for the OS.

Page: 12 / 37
Total 487 questions