Latest CompTIA CS0-002 PDF and Dumps (2024) Free Exam Questions Answers [Q86-Q103]

Pass Your CompTIA CySA+ CS0-002 Exam on Jan 07, 2024 with 371 Questions

NEW QUESTION # 86
While reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with political propaganda. Which of the following BEST describes this type of actor?

  • A. Nation-state
  • B. insider threat
  • C. Organized crime
  • D. Hacktivist

Answer: D


NEW QUESTION # 87
A cybersecurity consultant found common vulnerabilities across the following services used by multiple servers at an organization: VPN, SSH, and HTTPS. Which of the following is the MOST likely reason for the discovered vulnerabilities?

  • A. Weak level of encryption entropy
  • B. Vulnerable version of OpenSSL
  • C. Common initialization vector
  • D. Leaked PKI private key
  • E. Vulnerable implementation of PEAP

Answer: B


NEW QUESTION # 88
A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output.

Which of the following commands should the administrator run NEXT to further analyze the compromised system?

  • A. kill -9 1301
  • B. strace /proc/1301
  • C. rpm -V openssh-server
  • D. /bin/ls -l /proc/1301/exe

Answer: B


NEW QUESTION # 89
A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)

  • A. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes)
  • B. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs
  • C. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack
  • D. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking
  • E. A Bluetooth peering attack called "Snarfing" that allows Bluetooth connections on blocked device types if physically connected to a USB port

Answer: A,D


NEW QUESTION # 90
An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts. A security analyst has created a script to snapshot the system configuration each day. Following is one of the scripts:

This script has been running successfully every day. Which of the following commands would provide the analyst with additional useful information relevant to the above script?
A)

B)

C)

  • A. Option B
  • B. Option D
  • C. Option A
  • D. Option C

Answer: B

Explanation:
Option D would provide the analyst with additional useful information relevant to the script. It compares two files and shows the differences between them: here the current snapshot of the system configuration (sysconfig.txt) against the previous snapshot (sysconfig.txt.old). Any account that was added, removed, or altered between the two runs appears as a differing line, which is exactly the evidence needed for the unauthorized-account incidents described.

Option A copies the current snapshot (sysconfig.txt) to a backup location (/backup/sysconfig.txt). That preserves evidence or allows the configuration to be restored, but it adds no information.

Option B prints the current snapshot to standard output. That lets the analyst read the configuration, but it does not show what changed since the last run.

Option C moves the current snapshot to another location (/old/sysconfig.txt). That organizes or archives the snapshot files, but again adds no information relevant to the script.
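The comparison Option D performs, as an added example that is not part of the exam page: two constructed /etc/passwd-style snapshots are diffed the way `diff sysconfig.txt.old sysconfig.txt` would diff them, and the parsed result is checked for the specific change the scenario describes, an account that appeared or gained UID 0 since yesterday. File names and account data are assumptions for illustration.

```python
"""Added example (not from the exam page): compare yesterday's and today's
account snapshots, print a unified diff, and flag suspicious account changes.
Both snapshots are constructed /etc/passwd-style data."""
import difflib

SNAPSHOT_OLD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

SNAPSHOT_NEW = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
svc_backup:x:0:0:backup service:/root:/bin/bash
"""


def parse_passwd(text):
    """Map username -> (uid, gid, home, shell) for each passwd-format line."""
    accounts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line: skip rather than crash the daily job
        name, _pw, uid, gid, _gecos, home, shell = fields
        accounts[name] = (int(uid), int(gid), home, shell)
    return accounts


def diff_accounts(old_text, new_text):
    """Structured version of the diff: which accounts were added, removed or
    changed, and which of those now carry UID 0 (root-equivalent)."""
    old, new = parse_passwd(old_text), parse_passwd(new_text)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(n for n in set(old) & set(new) if old[n] != new[n])
    new_uid0 = sorted(n for n in added + changed if new[n][0] == 0)
    return {"added": added, "removed": removed,
            "changed": changed, "new_uid0": new_uid0}


def unified_diff(old_text, new_text):
    """Same view as `diff -u sysconfig.txt.old sysconfig.txt`."""
    return "".join(difflib.unified_diff(
        old_text.splitlines(keepends=True),
        new_text.splitlines(keepends=True),
        fromfile="sysconfig.txt.old", tofile="sysconfig.txt"))


if __name__ == "__main__":
    print(unified_diff(SNAPSHOT_OLD, SNAPSHOT_NEW))
    print(diff_accounts(SNAPSHOT_OLD, SNAPSHOT_NEW))
```

The raw diff is what the exam answer asks for; the parsed form is what you would actually alert on, because a new UID 0 account created by an administrator is the exact finding the scenario is hunting for.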


NEW QUESTION # 91
Given the Nmap request below:

Which of the following actions will an attacker be able to initiate directly against this host?

  • A. ARP spoofing
  • B. An SQL injection
  • C. Password sniffing
  • D. A brute-force attack

Answer: D

Explanation:
The Nmap command given in the question performs a TCP SYN scan (-sS), a service version detection scan (-sV), an OS detection scan (-O), and a port scan for ports 1-1024 (-p 1-1024) on the host 192.168.1.1. This command will reveal information about the host's operating system, open ports, and running services, which can be used by an attacker to launch a brute-force attack against the host. A brute-force attack is a method of guessing passwords or encryption keys by trying many possible combinations until finding the correct one. An attacker can use the information from the Nmap scan to target specific services or protocols that may have weak or default credentials, such as FTP, SSH, Telnet, or HTTP.


NEW QUESTION # 92
A security analyst was transferred to an organization's threat-hunting team to track specific activity throughout the enterprise environment. The analyst must observe and assess the number of times this activity occurs and aggregate the results. Which of the following is the BEST threat-hunting method for the analyst to use?

  • A. Searching
  • B. Grouping
  • C. Clustering
  • D. Stack counting

Answer: D

Explanation:
Stack counting (also called stacking) is the best threat-hunting method for the analyst to use. It takes a field of interest from many records (logs, events, alerts), groups the records by that field's value (an IP address, a user name, a process name, a parent-child process pair) and counts how often each value occurs. Sorting the resulting stack by frequency makes the data legible at a glance: the common values are usually normal activity, while the rare values at the bottom of the stack are the outliers worth investigating. Stack counting therefore directly answers the question the analyst was given, how many times did this activity occur and where, which searching (looking for known indicators), grouping and clustering (finding related items and natural groupings) do not.
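Stack counting over constructed process-creation records, as an added example that is not part of the exam page. The records (user, parent image, child image) are made up; the technique is the one described above: count each distinct value, sort rarest-first, and read the bottom of the stack.

```python
"""Added example (not from the exam page): stack counting over constructed
process-launch records. The one rare parent/child pair is the outlier."""
from collections import Counter

# Constructed sample records: (user, parent image, child image)
EVENTS = [
    ("alice", "explorer.exe", "outlook.exe"),
    ("alice", "explorer.exe", "chrome.exe"),
    ("bob", "explorer.exe", "outlook.exe"),
    ("bob", "explorer.exe", "chrome.exe"),
    ("carol", "explorer.exe", "outlook.exe"),
    ("SYSTEM", "services.exe", "svchost.exe"),
    ("SYSTEM", "services.exe", "svchost.exe"),
    ("SYSTEM", "services.exe", "svchost.exe"),
    ("SYSTEM", "services.exe", "svchost.exe"),
    ("carol", "winword.exe", "powershell.exe"),
]


def stack(records, key):
    """Stack count: group records by key(record), count each distinct value,
    return (value, count) pairs sorted rarest-first (ties broken by value)."""
    counts = Counter(key(r) for r in records)
    return sorted(counts.items(), key=lambda kv: (kv[1], str(kv[0])))


def outliers(records, key, max_count=1):
    """Values at the bottom of the stack, i.e. seen at most max_count times."""
    return [value for value, count in stack(records, key) if count <= max_count]


def render(stacked):
    """Text view of a stack, rarest first, for the analyst to eyeball."""
    width = max(len(str(v)) for v, _ in stacked)
    return "\n".join("%-*s %d" % (width, str(v), c) for v, c in stacked)


if __name__ == "__main__":
    # Stack on the child image alone, then on the (parent, child) pair:
    # the pair stack is what exposes an Office document spawning PowerShell.
    print(render(stack(EVENTS, lambda r: r[2])))
    print()
    print(render(stack(EVENTS, lambda r: (r[1], r[2]))))
    print()
    print("outliers:", outliers(EVENTS, lambda r: (r[1], r[2])))
```

Stacking on a single field is a first pass; stacking on a tuple of fields (parent and child, or user and destination) is usually where the anomaly appears, since each field on its own may look ordinary.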


NEW QUESTION # 93
After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?

  • A. Metadata analysis
  • B. Data recovery
  • C. Header analysis
  • D. File carving

Answer: D
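File carving as an added example, not part of the exam page: a carver that walks raw bytes looking for known header signatures and takes everything through the matching footer, run over a constructed disk image. The JPEG and PNG magic values are the real ones; the image contents, including a truncated JPEG with no footer, are made up.

```python
"""Added example (not from the exam page): header/footer file carving over a
constructed raw disk image. Signatures are real JPEG/PNG magic values."""

SIGNATURES = {
    # JPEG: SOI marker ... EOI marker
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    # PNG: 8-byte signature ... IEND chunk followed by its fixed CRC
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve(image, signatures=SIGNATURES, max_len=50 * 1024 * 1024):
    """Scan raw bytes for every known header; for each one, take the bytes
    through the next matching footer. A header with no footer after it is a
    truncated file and is skipped rather than guessed at. Returns
    (extension, offset, data) tuples sorted by offset."""
    found = []
    for ext, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            end = image.find(footer, start + len(header))
            if end < 0:
                break  # truncated: header present, footer never seen
            end += len(footer)
            if end - start <= max_len:
                found.append((ext, start, image[start:end]))
            pos = end
    return sorted(found, key=lambda f: f[1])


# Constructed disk image: filler, a small JPEG, slack, a small PNG, filler,
# and a JPEG header with no footer (a truncated or overwritten file).
FILLER = b"\x00" * 64
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x01" * 20 + b"\xff\xd9"
PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x02" * 17
       + b"\x00\x00\x00\x00IEND\xaeB`\x82")
TRUNCATED = b"\xff\xd8\xff\xe1" + b"\x03" * 10
DISK_IMAGE = FILLER + JPEG + b"\x11" * 32 + PNG + FILLER + TRUNCATED


if __name__ == "__main__":
    for ext, offset, data in carve(DISK_IMAGE):
        print("%s at offset %d, %d bytes" % (ext, offset, len(data)))
```

The carver ignores file-system metadata entirely, which is the point of the technique: it recovers content from unallocated space after the directory entries are gone. Real carvers add structure-aware checks (chunk lengths for PNG, segment markers for JPEG) because a footer byte sequence can also occur inside unrelated data.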


NEW QUESTION # 94
Following a data compromise, a cybersecurity analyst noticed the following executed query:
SELECT * from Users WHERE name = rick OR 1=1
Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Select TWO).

  • A. SQL injection
  • B. Cookie encryption
  • C. Character blacklist
  • D. XSS attack
  • E. Parameter validation
  • F. Malicious code execution

Answer: A,E

Explanation:
The executed query shows a SQL injection: the supplied value rick was followed by OR 1=1, and the application concatenated that text into the WHERE clause, so the condition is true for every row and the whole Users table is returned. The control that best reduces the risk is parameter validation: reject input that does not match the expected shape, and pass values to the database as bound parameters rather than as text pasted into the statement. A character blacklist is weaker because attackers routinely find encodings that slip past it, and cookie encryption does not touch the query at all.
https://lwn.net/Articles/177037/
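The injected query beside its parameterized form, as an added example that is not part of the exam page. It runs against a constructed in-memory SQLite table; the table contents, the attacker payload (a quoted variant of the page's rick OR 1=1) and the allow-list pattern are assumptions for illustration.

```python
"""Added example (not from the exam page): string-built query versus bound
parameter versus allow-list validation, against a constructed Users table."""
import re
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("rick", "user"), ("morty", "user"), ("admin", "admin")])
    return conn


def lookup_vulnerable(conn, name):
    # Text pasted straight into the statement: whatever the caller sends
    # becomes SQL. With the payload below this produces
    #   SELECT name FROM Users WHERE name = 'rick' OR '1'='1'
    sql = "SELECT name FROM Users WHERE name = '%s'" % name
    return sorted(r[0] for r in conn.execute(sql))


def lookup_safe(conn, name):
    # Bound parameter: the driver passes the value separately from the SQL,
    # so the quote and OR 1=1 are just characters that match no user.
    return sorted(r[0] for r in conn.execute(
        "SELECT name FROM Users WHERE name = ?", (name,)))


USERNAME = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed allow-list for usernames


def is_valid_username(name):
    # Parameter validation: accept only the expected shape before the value
    # gets anywhere near the database. This is an allow-list, not a blacklist.
    return USERNAME.fullmatch(name) is not None


def validate_username(name):
    if not is_valid_username(name):
        raise ValueError("invalid username: %r" % name)
    return name


PAYLOAD = "rick' OR '1'='1"  # constructed attacker input

if __name__ == "__main__":
    conn = make_db()
    print("string-built:", lookup_vulnerable(conn, PAYLOAD))  # every row
    print("parameterized:", lookup_safe(conn, PAYLOAD))      # []
    print("payload passes validation:", is_valid_username(PAYLOAD))
```

Both controls belong together: the bound parameter stops the injection regardless of input, and the allow-list check rejects the request early and gives the security team a clean event to alert on.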


NEW QUESTION # 95
A security analyst performed a review of an organization's software development life cycle. The analyst reports that the life cycle does not contain in a phase in which team members evaluate and provide critical feedback on another developer's code. Which of the following assessment techniques is BEST for describing the analyst's report?

  • A. Peer review
  • B. Architectural evaluation
  • C. Waterfall
  • D. Whitebox testing

Answer: A


NEW QUESTION # 96
When reviewing network traffic, a security analyst detects suspicious activity:

Based on the log above, which of the following vulnerability attacks is occurring?

  • A. DROWN
  • B. POODLE
  • C. Zeus
  • D. ShellShock
  • E. Heartbleed

Answer: B

Explanation:
POODLE (Padding Oracle On Downgraded Legacy Encryption) exploits SSL 3.0's handling of CBC padding: the padding bytes are not covered by the MAC, so an attacker in a man-in-the-middle position who can force a client to fall back from TLS to SSL 3.0 can use the server as a padding oracle and recover plaintext (typically a session cookie) one byte at a time over a few hundred requests. Traffic in which a client repeatedly renegotiates down to SSLv3 with a CBC cipher suite is the tell. The fix is to disable SSL 3.0 on both ends and support TLS_FALLBACK_SCSV so that a downgrade cannot be forced.
POODLE should not be confused with DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), which is a cross-protocol attack: it uses a server's support for the obsolete, insecure SSL v2 protocol to attack connections that use up-to-date TLS and would otherwise be secure. DROWN affects any server that offers TLS yet still supports SSLv2 with the same RSA key, and also a TLS server whose certificate key is shared with a different SSLv2-capable server, because the SSLv2 server leaks key information usable against the TLS server. DROWN is recognised by SSLv2 handshakes, not by SSLv3 fallback.


NEW QUESTION # 97
An organization has had problems with security teams remediating vulnerabilities that are either false positives or are not applicable to the organization's servers. Management has put emphasis on security teams conducting detailed analysis and investigation before conducting any remediation.
The output from a recent Apache web server scan is shown below:

The team performs some investigation and finds this statement from Apache on 07/02/2008:
"Fixed in Apache HTTP server 2.2.6, 2.0.61, and 1.3.39"
Which of the following conditions would require the team to perform remediation on this finding?

  • A. The organization is running version 2.0.59 and is not using a public server-status page
  • B. The organization is running version 1.3.39 and is using a public-server-status page
  • C. The organization is running version 2.2.6 and has ExtendedStatus enabled
  • D. The organization is running version 2.0.5 and has ExtendedStatus enabled

Answer: D


NEW QUESTION # 98
Which of the following factors would determine the regulations placed on data under data sovereignty laws?

  • A. The data laws of the country in which the company is located
  • B. The company's data security policy
  • C. The type of data the company stores
  • D. What the company intends to do with the data it owns

Answer: A

Explanation:
The data laws of the country in which the company is located determine the regulations placed on data under data sovereignty laws. Data sovereignty is the principle that data is subject to the laws of the jurisdiction in which it is collected, stored, or processed; in practice the physical location of the data (for example, the region of a cloud provider's data centre) matters as much as the location of the company, so an organization that moves data across borders or into a cloud service can find itself subject to another country's rules. These laws vary with each country's legal and political system and values. Some require consent from data subjects before their data is collected or processed; others impose data localization or data residency requirements that keep certain data within national borders or restrict cross-border transfers.


NEW QUESTION # 99
The human resources division is moving all of its applications to an IaaS cloud. The Chief Information Officer (CIO) has asked the security architect to design the environment securely to prevent the IaaS provider from accessing its data-at-rest and data-in-transit within the infrastructure. Which of the following security controls should the security architect recommend?

  • A. Ensure all backups are remote outside the control of the IaaS provider
  • B. Ensure all of the IaaS provider's workforce passes stringent background checks
  • C. Render data unreadable through the use of appropriate tools and techniques
  • D. Implement a non-data breach agreement

Answer: C


NEW QUESTION # 100
A security analyst for a large pharmaceutical company was given credentials from a threat intelligence organization for internal users, which contain usernames and valid passwords for company accounts.
Which of the following is the FIRST action the analyst should take as part of security operations monitoring?

  • A. Search the event logs for event identifiers that indicate Mimikatz was used.
  • B. Run scheduled antivirus scans on all employees' machines to look for malicious processes.
  • C. Change all the user passwords to ensure the malicious actors cannot use them.
  • D. Reimage the machines of all users within the group in case of a malware infection.

Answer: C


NEW QUESTION # 101
Organizational policies require vulnerability remediation on severity 7 or greater within one week.
Anything with a severity less than 7 must be remediated within 30 days. The organization also requires security teams to investigate the details of a vulnerability before performing any remediation. If the investigation determines the finding is a false positive, no remediation is performed and the vulnerability scanner configuration is updated to omit the false positive from future scans:
The organization has three Apache web servers:

The results of a recent vulnerability scan are shown below:

The team performs some investigation and finds a statement from Apache:

Which of the following actions should the security team perform?

  • A. Remediate 192.168.1.20 within 30 days
  • B. Ignore the false positive on 192.168.1.22
  • C. Remediate 192.168.1.22 within 30 days
  • D. Investigate the false negative on 192.168.1.20

Answer: C
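The version check behind both this question and question 97, as an added example that is not part of the exam page: the Apache advisory text the questions quote ("Fixed in Apache HTTP server 2.2.6, 2.0.61, and 1.3.39") is compared branch by branch against a reported version, and the policy windows above (one week at severity 7 or greater, otherwise 30 days) decide what to do with a true positive. The host/version pairs and severities below are constructed; the exam's own server and scan tables are not reproduced on this page.

```python
"""Added example (not from the exam page): branch-aware version comparison
against an advisory's fixed releases, plus the remediation-window policy."""

# Fixed releases per branch, from the advisory text quoted in the questions.
FIXED_IN = {"1.3": (1, 3, 39), "2.0": (2, 0, 61), "2.2": (2, 2, 6)}


def parse_version(text):
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable(version, fixed_in=FIXED_IN):
    """True if the version is below the fixed release of its own branch,
    False if at or above it, None if the advisory says nothing about that
    branch (a 2.4.x server, for instance) and a person must look further.
    Comparing across branches is the classic scanner mistake: 2.0.61 is
    fixed even though it is numerically below 2.2.5."""
    v = parse_version(version)
    fixed = fixed_in.get("%d.%d" % v[:2])
    if fixed is None:
        return None
    return v < fixed


def remediation_window_days(severity):
    # Policy from the question: severity 7 or greater within one week,
    # anything lower within 30 days.
    return 7 if severity >= 7 else 30


def triage(server, fixed_in=FIXED_IN):
    """server: {'host', 'version', 'severity', optional 'status_page_enabled'}.
    The status-page flag mirrors question 97, where a vulnerable version only
    needs remediation if the affected feature is actually enabled."""
    vuln = is_vulnerable(server["version"], fixed_in)
    if vuln is None:
        return "investigate: branch not covered by advisory"
    if not vuln:
        return "false positive: exclude from future scans"
    if not server.get("status_page_enabled", True):
        return "not exploitable as configured: document, do not remediate"
    return "remediate within %d days" % remediation_window_days(server["severity"])


if __name__ == "__main__":
    # Constructed inventory (assumption), not the exam's hidden table.
    inventory = [
        {"host": "web1", "version": "2.0.59", "severity": 5.0},
        {"host": "web2", "version": "2.2.6", "severity": 5.0},
        {"host": "web3", "version": "2.0.59", "severity": 5.0,
         "status_page_enabled": False},
        {"host": "web4", "version": "2.4.10", "severity": 5.0},
    ]
    for s in inventory:
        print(s["host"], s["version"], "->", triage(s))
```

The check is only as good as the version string fed to it: banner-grabbed versions are often wrong on distributions that backport fixes without bumping the version, which is one more reason the policy demands investigation before anything is remediated or excluded.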


NEW QUESTION # 102
During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:

To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and:

  • A. DST 175.35.20.5.
  • B. DST 138.10.25.5.
  • C. DST 172.10.45.5.
  • D. DST 138.10.2.5.
  • E. DST 172.10.3.5.

Answer: D

