Free CS0-002 Exam Dumps

No Installation Required, Instantly Prepare for the CS0-002 exam and please click the below link to start the CS0-002 Exam Simulator with a real CS0-002 practice exam questions.
Use directly our on-line CS0-002 exam dumps materials and try our Testing Engine to pass the CS0-002 which is always updated.

Exam Code: CS0-002
Exam Title: CompTIA Cybersecurity Analyst (CySA+) Certification Exam
Vendor: CompTIA
Exam Questions: 220
Last Updated: September 28th,2024

Question 1

- (Exam Topic 2)
An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization’s network. Which of the following approaches should the security analyst recommend?

A. Use the MITRE ATT&CK framework to develop threat models.
B. Conduct internal threat research and establish indicators of compromise.
C. Review the perimeter firewall rules to ensure rule-set accuracy.
D. Use SCAP scans to monitor for configuration changes on the network.

Correct Answer:D

Question 2

- (Exam Topic 1)
An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented.
Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

A. Create three separate cloud accounts for each environmen
B. Configure account peering and security rules to allow access to and from each environment.
C. Create one cloud account with one VPC for all environment
D. Purchase a virtual firewall and create granular security rules.
E. Create one cloud account and three separate VPCs for each environmen
F. Create security rules to allow access to and from each environment.
G. Create three separate cloud accounts for each environment and a single core account for network service
H. Route all traffic through the core account.

Correct Answer:C

Question 3

- (Exam Topic 3)
A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?

A. Insert the hard drive on a test computer and boot the computer.
B. Record the serial numbers of both hard drives.
C. Compare the file-directory "sting of both hard drives.
D. Run a hash against the source and the destination.

Correct Answer:D

Question 4

- (Exam Topic 2)
An organization recently discovered some inconsistencies in the motherboards it received from a vendor. The organization's security team then provided guidance on how to ensure the authenticity of the motherboards it received from vendors.
Which of the following would be the BEST recommendation for the security analyst to provide'?

A. The organization should evaluate current NDAs to ensure enforceability of legal actions.
B. The organization should maintain the relationship with the vendor and enforce vulnerability scans.
C. The organization should ensure all motherboards are equipped with a TPM.
D. The organization should use a certified, trusted vendor as part of the supply chain.

Correct Answer:D

Question 5

- (Exam Topic 1)
Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below:
POST /services/v1_0/Public/Members.svc/soap
192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22
POST /services/v1_0/Public/Members.svc/soap
<Password123
somebody@companyname.com 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89
POST /services/v1_0/Public/Members.svc/soap
~~516.7.446.605~~ < 192>POST /services/v1_0/Public/Members.svc/soap
~~http://www.w3.org/2001/XMLSchema-instance">~~
kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd 0
4 ''1=1 13026046Which of the following MOST likely explains how the clients' accounts were compromised?

A. The clients' authentication tokens were impersonated and replayed.

B. The clients' usernames and passwords were transmitted in cleartext.

C. An XSS scripting attack was carried out on the server.

D. A SQL injection attack was carried out on the server.

Correct Answer:B

1
2
3
4
5
6
7
8
9
>