Gear up for CS0-002 exam success by adopting the freshest VCE and PDF approaches

Soar high into the expansive skies of certification, propelled by the uplifting currents of the CS0-002 dumps. Meticulously designed to mirror the vast skies of the syllabus, the CS0-002 dumps spread their wings wide with an array of practice questions, ensuring you soar with grace. Whether the clear vistas of PDFs attract your gaze or the dynamic flight patterns of the VCE format enthrall, the CS0-002 dumps offer a horizon of possibilities. Guiding you through this aerial ballet, the integrated study guide from the CS0-002 dumps acts as your co-pilot, ensuring a smooth journey. With trust as boundless as the sky, our 100% Pass Guarantee stands as our solemn vow.

[New In] Progress your exam readiness with the free CS0-002 PDF and Exam Questions, guaranteeing accomplishment

Question 1:

During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?

A. Categorize

B. Select

C. Implement

D. Assess

Correct Answer: B



Question 2:

A cybersecurity analyst is researching operational data to develop a script that will detect the presence of a threat on corporate assets. Which of the following contains the most useful information to produce this script?

A. API documentation

B. Protocol analysis captures

C. MITRE ATT&CK reports

D. OpenIOC files

Correct Answer: C

A cybersecurity analyst is researching operational data to develop a script that will detect the presence of a threat on corporate assets. The most useful information to produce this script is MITRE ATT&CK reports. MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. MITRE ATT&CK reports provide detailed information on how different threat actors operate, what tools they use, what indicators they leave behind, and how to detect or mitigate their attacks. The other options are not as useful or relevant for this purpose. References: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 9; https://attack.mitre.org/



Question 3:

An organization has a policy that requires servers to be dedicated to one function and unneeded services to be disabled. Given the following output from an Nmap scan of a web server:

Which of the following ports should be closed?

A. 22

B. 80

C. 443

D. 1433

Correct Answer: D

“servers to be dedicated to one function…” http/s and SQL are two functions. I will select D, but agree with folks that the question is horribly written, and the person who wrote it was most likely drunk.



Question 4:

Creating an isolated environment in order to test and observe the behavior of unknown software is also known as:

A. sniffing

B. hardening

C. hashing

D. sandboxing

Correct Answer: D



Question 5:

Which of the following is the software development process by which function, usability, and scenarios are tested against a known set of base requirements?

A. Security regression testing

B. Code review

C. User acceptance testing

D. Stress testing

Correct Answer: C

“User acceptance testing (UAT) is the last phase of the software testing process. During UAT, actual software users test the software to make sure it can handle required tasks in real-world scenarios, according to specifications.” https://www.plutora.com/blog/uat-user-acceptance-testing



Question 6:

Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?

A. Encryption

B. Data loss prevention

C. Data masking

D. Digital rights management

E. Access control

Correct Answer: C

Reference: https://www.imperva.com/learn/data-security/data-masking/



Question 7:

During an investigation, a computer is being seized. Which of the following is the FIRST step the analyst should take?

A. Power off the computer and remove it from the network.

B. Unplug the network cable and take screenshots of the desktop.

C. Perform a physical hard disk image.

D. Initiate chain-of-custody documentation.

Correct Answer: A



Question 8:

Which of the following assessment methods should be used to analyze how specialized software performs during heavy loads?

A. Stress test

B. API compatibility test

C. Code review

D. User acceptance test

E. Input validation

Correct Answer: A



Question 9:

A Chief Executive Officer (CEO) wants to implement BYOD in the environment. Which of the following options should the security analyst suggest to protect corporate data on these devices? (Choose two.)

A. Disable VPN connectivity on the device.

B. Disable Bluetooth on the device.

C. Disable near-field communication on the device.

D. Enable MDM/MAM capabilities.

E. Enable email services on the device.

F. Enable encryption on all devices.

Correct Answer: DF



Question 10:

A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operations?

A. It enables the team to prioritize the focus area and tactics within the company's environment.

B. It provides critical analyses for key enterprise servers and services.

C. It allows analysts to receive updates on newly discovered software vulnerabilities.

D. It supports rapid response and recovery during and following an incident.

Correct Answer: A



Question 11:

The development team has created a new employee application to allow the 35,000 staff members to communicate via video, chat rooms, and microblogs from anywhere in the world. The application was tested by a small user group, and the code reviews were completed. Which of the following is the best NEXT step the development team should take?

A. Run the application through a web-application vulnerability scanner.

B. Complete an additional round of code reviews to maintain project integrity.

C. Stress test the application to ensure its ability to support the employee population.

D. Isolate the application servers on premises to protect the communication methods.

Correct Answer: A



Question 12:

During a review of vulnerability scan results, an analyst determines the results may be flawed because a control-baseline system, which is used to evaluate a scanning tool's effectiveness, was reported as not vulnerable. Consequently, the analyst verifies that the scope of the scan included the control-baseline host, which was available on the network during the scan. The use of a control-baseline endpoint in this scenario assists the analyst in confirming:

A. verification of mitigation

B. false positives

C. false negatives

D. the criticality index

E. hardening validation

Correct Answer: B



Question 13:

During a recent breach, an attacker was able to use tcpdump on a compromised Linux server to capture the password of a network administrator that logged into a switch using telnet.

Which of the following compensating controls could be implemented to address this going forward?

A. Whitelist tcpdump of Linux servers.

B. Change the network administrator password to a more complex one.

C. Implement separation of duties.

D. Require SSH on network devices.

Correct Answer: D



Question 14:

A new zero-day vulnerability was discovered within a basic screen capture app, which is used throughout the environment. Two days after discovering the vulnerability, the manufacturer of the software has not announced a remediation or whether there will be a fix for this newly discovered vulnerability. The vulnerable application is not uniquely critical, but it is used occasionally by the management and executive management teams. The vulnerability allows remote code execution to gain privileged access to the system. Which of the following is the BEST course of action to mitigate this threat?

A. Work with the manufacturer to determine the time frame for the fix.

B. Block the vulnerable application traffic at the firewall and disable the application services on each computer.

C. Remove the application and replace it with a similar non-vulnerable application.

D. Communicate with the end users that the application should not be used until the manufacturer has resolved the vulnerability.

Correct Answer: D



Question 15:

A red team actor observes that it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)

A. A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes)

B. A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs

C. A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack

D. A Bluetooth pairing attack called "Snarfing" that allows Bluetooth connections on blocked device types if physically connected to a USB port

E. A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking

Correct Answer: CD

