New CS0-002 dumps contain 919 exam questions and answers and are the best material for preparing for the CompTIA CySA+ certification exam.
Using CS0-002 dumps: https://www.leads4pass.com/cs0-002.html Select the latest updated CS0-002 dumps PDF, CS0-002 dumps VCE or “PDF + VCE”, Help candidates pass the CompTIA CySA+ certification exam with ease.
Download Free Share CS0-002 Dumps PDF: https://drive.google.com/file/d/19qVA35_5E-QX1yT4zU_JANR3wsQAYNu0/
Read the latest free CS0-002 Dumps exam questions and answers online:
Number of exam questions | Exam name | From | Release time | Last updated |
15 | CompTIA Cybersecurity Analyst (CySA+) | leads4pass | Oct 18, 2022 | CS0-002 dumps |
Question 1:
An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform. Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?
A. FaaS
B. RTOS
C. SoC
D. GPS
E. CAN bus
Correct Answer: E
Question 2:
An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply. Which of the following would BEST identify potential indicators of compromise?
A. Use Burp Suite to capture packets to the SCADA device\’s IP.
B. Use tcpdump to capture packets from the SCADA device IP.
C. Use Wireshark to capture packets between SCADA devices and the management system.
D. Use Nmap to capture packets from the management system to the SCADA devices.
Correct Answer: C
Question 3:
Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?
A. Human resources
B. Public relations
C. Marketing
D. Internal network operations center
Correct Answer: B
Question 4:
An analyst is working with a network engineer to resolve a vulnerability that was found in a piece of legacy hardware, which is critical to the operation of the organization\’s production line. The legacy hardware does not have third-party support, and the OEM manufacturer of the controller is no longer in operation. The analyst documents the activities and verifies these actions prevent remote exploitation of the vulnerability. Which of the following would be the MOST appropriate to remediate the controller?
A. Segment the network to constrain access to administrative interfaces.
B. Replace the equipment that has third-party support.
C. Remove the legacy hardware from the network.
D. Install an IDS on the network between the switch and the legacy equipment.
Correct Answer: A
Question 5:
A small electronics company decides to use a contractor to assist with the development of a new FPGA- based device. Several of the development phases will occur off-site at the contractor\’s labs.
Which of the following is the main concern a security analyst should have with this arrangement?
A. Making multiple trips between development sites increases the chance of physical damage to the FPGAs.
B. Moving the FPGAs between development sites will lessen the time that is available for security testing.
C. Development phases occurring at multiple sites may produce change management issues.
D. FPGA applications are easily cloned, increasing the possibility of intellectual property theft.
Correct Answer: D
Reference: https://www.eetimes.com/how-to-protect-intellectual-property-in-fpgas-devices-part-1/#
Question 6:
A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:
The analyst runs the following command next:
Which of the following would explain the difference in results?
A. ICMP is being blocked by a firewall.
B. The routing tables for ping and hping3 were different.
C. The original ping command needed root permission to execute.
D. hping3 is returning a false positive.
Correct Answer: A
Question 7:
A cybersecurity analyst is contributing to a team hunt on an organization\’s endpoints. Which of the following should the analyst do FIRST?
A. Write detection logic.
B. Establish a hypothesis.
C. Profile the threat actors and activities.
D. Perform a process analysis.
Correct Answer: C
Reference: https://www.cybereason.com/blog/blog-the-eight-steps-to-threat-hunting
Question 8:
A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the
application to not reclaim memory. This caused the system to be depleted of resources.
Which of the following BEST describes this attack?
A. Injection attack
B. Memory corruption
C. Denial of service
D. Array attack
Correct Answer: C
Reference: https://economictimes.indiatimes.com/definition/memory-corruption
Question 9:
Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)
A. Parameterized queries
B. Session management
C. Input validation
D. Output encoding
E. Data protection
F. Authentication
Correct Answer: AC
Reference: https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-prevent-sql-injection-attacks/
Question 10:
A cyber-incident response analyst is investigating a suspected cryptocurrency miner on a company\’s server. Which of the following is the FIRST step the analyst should take?
A. Create a full disk image of the server\’s hard drive to look for the file containing the malware.
B. Run a manual antivirus scan on the machine to look for known malicious software.
C. Take a memory snapshot of the machine to capture volatile information stored in memory.
D. Start packet capturing to look for traffic that could be indicative of command and control from the miner.
Correct Answer: D
Question 11:
An information security analyst is compiling data from a recent penetration test and reviews the following output:
The analyst wants to obtain more information about the web-based services that are running on the target. Which of the following commands would MOST likely provide the needed information?
A. ping -t 10.79.95.173.rdns.datacenters.com
B. telnet 10.79.95.173 443
C. ftpd 10.79.95.173.rdns.datacenters.com 443
D. tracert 10.79.95.173
Correct Answer: B
Question 12:
A compliance officer of a large organization has reviewed the firm\’s vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.
Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
A. Executing vendor compliance assessments against the organization\’s security controls
B. Executing NDAs prior to sharing critical data with third parties
C. Soliciting third-party audit reports on an annual basis
D. Maintaining and reviewing the organizational risk assessment on a quarterly basis
E. Completing a business impact assessment for all critical service providers
F. Utilizing DLP capabilities at both the endpoint and perimeter levels
Correct Answer: AC
Question 13:
An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems.
As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?
A. Copies of prior audits that did not identify the servers as an issue
B. Project plans relating to the replacement of the servers that were approved by management
C. Minutes from meetings in which risk assessment activities addressing the servers were discussed
D. ACLs from perimeter firewalls showing blocked access to the servers
E. Copies of change orders relating to the vulnerable servers
Correct Answer: B
Question 14:
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:
Which of the following can the analyst conclude?
A. Malware is attempting to beacon to 128.50.100.3.
B. The system is running a DoS attack against ajgidwle.com.
C. The system is scanning ajgidwle.com for PII.
D. Data is being exfiltrated over DNS.
Correct Answer: D
Question 15:
It is important to parameterize queries to prevent:
A. the execution of unauthorized actions against a database.
B. a memory overflow that executes code with elevated privileges.
C. the establishment of a web shell that would allow unauthorized access.
D. the queries from using an outdated library with security vulnerabilities.
Correct Answer: A
…
leads4pass CS0-002 dumps have been updated to the latest version. It has been verified by the actual test room and is real and effective. It is the best exam material for the CompTIA CySA+ certification exam. Download CS0-002 dumps with PDF and VCE:https://www.leads4pass.com/cs0-002.html (919 Q&As)
Help candidates pass 100% of CompTIA CySA+ certification exams.
BTW, share part of CS0-002 Dumps PDF online download for free:
https://drive.google.com/file/d/1W9HKnVGNzgIcmgO-s2OFwk6UfO8o8o_g/
https://drive.google.com/file/d/1tU8_mj_LB2ly3U6RdHvPwoj3HmBecW-m/
https://drive.google.com/file/d/1pYQrY9hcvHs-jTwz3Dr3uXpwVRDdVUFW/