Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free CS0-003 Questions Attempt

Page: 6 / 37
Total 487 questions

CompTIA CyberSecurity Analyst CySA+ Certification Exam Questions and Answers

Question 21

An analyst is investigating a phishing incident and has retrieved the following as part of the investigation:

cmd.exe /c c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -NoLogo -NoProfile -EncodedCommand < VERY LONG STRING >

Which of the following should the analyst use to gather more information about the purpose of this command?

Options:

A.

Echo the command payload content into ' base64 -d ' .

B.

Execute the command from a Windows VM.

C.

Use a command console with administrator privileges to execute the code.

D.

Run the command as an unprivileged user from the analyst workstation.

Question 22

A Chief Information Security Officer wants to lock down the users ' ability to change applications that are installed on their Windows systems. Which of the following is the best enterprise-level solution?

Options:

A.

HIPS

B.

GPO

C.

Registry

D.

DLP

Question 23

A company discovers that its proprietary information is being sold on the dark web. A security analyst uses threat hunting to search for signs of compromise. After running a network packet capture tool, the analyst identifies millions of packets similar to the following:

Internet Protocol Version 4, src: 192.168.1.2, dst: 104.21.75.76

Internet Control Message Protocol

Type: 8 Echo request

Code: 0

Checksum: 0x34db [correct]

Sequence number: 3362

No response seen

Data: 64 bytes

Data payload: 0e1b586f3568s51578a2054af4459865b34857a05924b45824...

The analyst does not detect or identify any other abnormalities. Which of the following is most likely the malicious activity in this scenario?

Options:

A.

An insider is using an IP command-and-control channel to sell proprietary information.

B.

A threat actor is performing exfiltration over an alternative protocol.

C.

A machine was infected with a virus that is trying to propagate.

D.

A hacktivist is conducting an ICMP DDoS attack against the company.

Question 24

An analyst has been asked to validate the potential risk of a new ransomware campaign that the Chief Financial Officer read about in the newspaper. The company is a manufacturer of a very small spring used in the newest fighter jet and is a critical piece of the supply chain for this aircraft. Which of the following would be the best threat intelligence source to learn about this new campaign?

Options:

A.

Information sharing organization

B.

Blogs/forums

C.

Cybersecuritv incident response team

D.

Deep/dark web

Page: 6 / 37
Total 487 questions