
CompTIA CySA+ CS0-003 Syllabus Exam Questions Answers

Page: 26 / 37
Total 487 questions

CompTIA CyberSecurity Analyst CySA+ Certification Exam Questions and Answers

Question 101

Which of the following does "federation" most likely refer to within the context of identity and access management?

Options:

A.

Facilitating groups of users in a similar function or profile to system access that requires elevated or conditional access

B.

An authentication mechanism that allows a user to utilize one set of credentials to access multiple domains

C.

Utilizing a combination of what you know, who you are, and what you have to grant authentication to a user

D.

Correlating one's identity with the attributes and associated applications the user has access to

Question 102

A security analyst is writing a shell script to identify IP addresses from the same country. Which of the following functions would help the analyst achieve the objective?

Options:

A.

function w() { info=$(ping -c 1 $1 | awk -F "/" 'END{print $1}') && echo "$1 | $info"; }

B.

function x() { info=$(geoiplookup $1) && echo "$1 | $info"; }

C.

function y() { info=$(dig -x $1 | grep PTR | tail -n 1) && echo "$1 | $info"; }

D.

function z() { info=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $info"; }

Question 103

During a routine review of DNS logs, a security analyst observes that Host X has been making frequent DNS requests to domains with random alphanumeric strings, such as ajd8ekthj.xyz. IPS anomaly rules are blocking these domains. This behavior started shortly after a new software installation on the host. Which of the following should the analyst do first to determine whether Host X has been compromised?

Options:

A.

Allow the domains because the DNS requests are part of a misconfigured software update.

B.

Check the software installation logs for errors and reinstall the software.

C.

Block all outbound connections from the host to prevent further DNS queries.

D.

Use threat intelligence to check whether the queried domains are associated with legitimate sites.

Question 104

Which of the following statements best describes the MITRE ATT&CK framework?

Options:

A.

It provides a comprehensive method to test the security of applications.

B.

It provides threat intelligence sharing and development of action and mitigation strategies.

C.

It helps identify and stop enemy activity by highlighting the areas where an attacker functions.

D.

It tracks and understands threats and is an open-source project that evolves.

E.

It breaks down intrusions into a clearly defined sequence of phases.
