2026 New CS0-002 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/CS0-002/


NEW QUESTION 1
Which of the following should be found within an organization's acceptable use policy?

  • A. Passwords must be eight characters in length and contain at least one special character.
  • B. Customer data must be handled properly, stored on company servers, and encrypted when possible.
  • C. Administrator accounts must be audited monthly, and inactive accounts should be removed.
  • D. Consequences of violating the policy could include discipline up to and including termination.

Answer: D

NEW QUESTION 2
Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client’s company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise. Which of the following techniques were used in this scenario?

  • A. Enumeration and OS fingerprinting
  • B. Email harvesting and host scanning
  • C. Social media profiling and phishing
  • D. Network and host scanning

Answer: C

NEW QUESTION 3
Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

  • A. It automatically performs remedial configuration changes to enterprise security services.
  • B. It enables standard checklist and vulnerability analysis expressions for automation.
  • C. It establishes a continuous integration environment for software development operations.
  • D. It provides validation of suspected system vulnerabilities through workflow orchestration.

Answer: B

NEW QUESTION 4
A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.
Which of the following would be the BEST solution to recommend to the director?

  • A. Install a data loss prevention system, and train human resources employees on its use. Provide PII training to all employees at the company. Encrypt PII information.
  • B. Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.
  • C. Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.
  • D. Install specific equipment to create a human resources policy that protects PII data. Train company employees on how to handle PII data. Outsource all PII to another company. Send the human resources director to training for PII handling.

Answer: A

NEW QUESTION 5
An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets.
Which of the following should be considered FIRST prior to disposing of the electronic data?

  • A. Sanitization policy
  • B. Data sovereignty
  • C. Encryption policy
  • D. Retention standards

Answer: D

NEW QUESTION 6
An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems.
As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?

  • A. Copies of prior audits that did not identify the servers as an issue
  • B. Project plans relating to the replacement of the servers that were approved by management
  • C. Minutes from meetings in which risk assessment activities addressing the servers were discussed
  • D. ACLs from perimeter firewalls showing blocked access to the servers
  • E. Copies of change orders relating to the vulnerable servers

Answer: C

NEW QUESTION 7
A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:
[Exhibit: image not included]
Which of the following describes the output of this scan?

  • A. The analyst has discovered a False Positive, and the status code is incorrect providing an OK message.
  • B. The analyst has discovered a True Positive, and the status code is correct providing a file not found error message.
  • C. The analyst has discovered a True Positive, and the status code is incorrect providing a forbidden message.
  • D. The analyst has discovered a False Positive, and the status code is incorrect providing a server error message.

Answer: B

NEW QUESTION 8
An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment. One of the primary concerns is exfiltration of data by malicious insiders. Which of the following controls is the MOST appropriate to mitigate risks?

  • A. Data deduplication
  • B. OS fingerprinting
  • C. Digital watermarking
  • D. Data loss prevention

Answer: D

NEW QUESTION 9
A system’s authority to operate (ATO) is set to expire in four days. Because of other activities and limited staffing, the organization has neglected to start reauthentication activities until now. The cybersecurity group just performed a vulnerability scan with the partial set of results shown below:
[Exhibit: image not included]
Based on the scenario and the output from the vulnerability scan, which of the following should the security team do with this finding?

  • A. Remediate by going to the web config file, searching for the enforce HTTP validation setting, and manually updating to the correct setting.
  • B. Accept this risk for now because this is a “high” severity, but testing will require more than the four days available, and the system ATO needs to be completed.
  • C. Ignore it. This is a false positive, and the organization needs to focus its efforts on other findings.
  • D. Ensure HTTP validation is enabled by rebooting the server.

Answer: A

NEW QUESTION 10
An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for the service?

  • A. Manually log in to the service and upload data files on a regular basis.
  • B. Have the internal development team script connectivity and file translation to the new service.
  • C. Create a dedicated SFTP site and schedule transfers to ensure file transport security.
  • D. Utilize the cloud product's API for supported and ongoing integrations.

Answer: A

NEW QUESTION 11
As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?

  • A. Critical asset list
  • B. Threat vector
  • C. Attack profile
  • D. Hypothesis

Answer: A

NEW QUESTION 12
A SIEM solution alerts a security analyst of a high number of login attempts against the company's webmail portal. The analyst determines the login attempts used credentials from a past data breach. Which of the following is the BEST mitigation to prevent unauthorized access?

  • A. Single sign-on
  • B. Mandatory access control
  • C. Multifactor authentication
  • D. Federation
  • E. Privileged access management

Answer: E

NEW QUESTION 13
A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

  • A. Requirements analysis and collection planning
  • B. Containment and eradication
  • C. Recovery and post-incident review
  • D. Indicator enrichment and research pivoting

Answer: A

NEW QUESTION 14
Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.
Which of the following would BEST provide this solution?

  • A. File fingerprinting
  • B. Decomposition of malware
  • C. Risk evaluation
  • D. Sandboxing

Answer: D

NEW QUESTION 15
An analyst is performing penetration testing and vulnerability assessment activities against a new vehicle automation platform.
Which of the following is MOST likely an attack vector that is being utilized as part of the testing and assessment?

  • A. FaaS
  • B. RTOS
  • C. SoC
  • D. GPS
  • E. CAN bus

Answer: E

NEW QUESTION 16
A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:
[Exhibit: image not included]
Which of the following lines indicates the computer may be compromised?

  • A. Line 1
  • B. Line 2
  • C. Line 3
  • D. Line 4
  • E. Line 5
  • F. Line 6

Answer: D

NEW QUESTION 17
A security analyst gathered forensics from a recent intrusion in preparation for legal proceedings. The analyst used EnCase to gather the digital forensics, cloned the hard drive, and took the hard drive home for further analysis. Which of the following did the security analyst violate?

  • A. Cloning procedures
  • B. Chain of custody
  • C. Hashing procedures
  • D. Virtualization

Answer: B

NEW QUESTION 18
......
