CS0-002 : CompTIA CySA+ Certification Exam (CS0-002) : Part 05

CS0-002 : CompTIA CySA+ Certification Exam (CS0-002) : Part 05

1. Which of the following software assessment methods would be BEST for gathering data related to an application’s availability during peak times?

   • Security regression testing
   • Stress testing
   • Static analysis testing
   • Dynamic analysis testing
   • User acceptance testing

2. An information security analyst is working with a data owner to identify the appropriate controls to preserve the confidentiality of data within an enterprise environment. One of the primary concerns is exfiltration of data by malicious insiders. Which of the following controls is the MOST appropriate to mitigate risks?

   • Data deduplication
   • OS fingerprinting
   • Digital watermarking
   • Data loss prevention

3. A security analyst has discovered that developers have installed browsers on all development servers in the company’s cloud infrastructure and are using them to browse the Internet. Which of the following changes should the security analyst make to BEST protect the environment?

   • Create a security rule that blocks Internet access in the development VPC
   • Place a jumpbox in between the developers’ workstations and the development VPC
   • Remove the administrator’s profile from the developer user group in identity and access management
   • Create an alert that is triggered when a developer installs an application on a server

4. An organization that handles sensitive financial information wants to perform tokenization of data to enable the execution of recurring transactions. The organization is most interested in a secure, built-in device to support its solution. Which of the following would MOST likely be required to perform the desired function?

   • TPM
   • eFuse
   • FPGA
   • HSM
   • UEFI

5. An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?

   • Root-cause analysis
   • Active response
   • Advanced antivirus
   • Information-sharing community
   • Threat hunting

6. An analyst is investigating an anomalous event reported by the SOC. After reviewing the system logs, the analyst identifies an unexpected addition of a user with root-level privileges on the endpoint. Which of the following data sources will BEST help the analyst to determine whether this event constitutes an incident?

   • Patching logs
   • Threat feed
   • Backup logs
   • Change requests
   • Data classification matrix

7. A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Big Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

   • $75,000
   • $300,000
   • $1.425 million
   • $1.5 million

8. A security analyst is investigating a system compromise. The analyst verifies the system was up to date on OS patches at the time of the compromise. Which of the following describes the type of vulnerability that was MOST likely exploited?

   • Insider threat
   • Buffer overflow
   • Advanced persistent threat
   • Zero day

9. An organization developed a comprehensive incident response policy. Executive management approved the policy and its associated procedures. Which of the following activities would be MOST beneficial to evaluate personnel’s familiarity with incident response procedures?

   • A simulated breach scenario involving the incident response team
   • Completion of annual information security awareness training by all employees
   • Tabletop activities involving business continuity team members
   • Completion of lessons-learned documentation by the computer security incident response team
   • External and internal penetration testing by a third party

10. A cybersecurity analyst is responding to an incident. The company’s leadership team wants to attribute the incident to an attack group. Which of the following models would BEST apply to the situation?

    • Intelligence cycle
    • Diamond Model of Intrusion Analysis
    • Kill chain
    • MITRE ATT&CK

11. Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?

    • Use a UEFI boot password
    • Implement a self-encrypted disk
    • Configure filesystem encryption
    • Enable Secure Boot using TPM

12. A security analyst implemented a solution that would analyze the attacks that the organization’s firewalls failed to prevent. The analyst used the existing systems to enact the solution and executed the following command:

    $ sudo nc -1 –v –e maildaemon.py 25 > caplog.txt

    Which of the following solutions did the analyst implement?

    • Log collector
    • Crontab mail script
    • Sinkhole
    • Honeypot

13. Which of the following will allow different cloud instances to share various types of data with a minimal amount of complexity?

    • Reverse engineering
    • Application log collectors
    • Workflow orchestration
    • API integration
    • Scripting

14. A finance department employee has received a message that appears to have been sent from the Chief Financial Officer (CFO), asking the employee to perform a wire transfer. Analysis of the email shows the message came from an external source and is fraudulent. Which of the following would work BEST to improve the likelihood of employees quickly recognizing fraudulent emails?

    • Implementing a sandboxing solution for viewing emails and attachments
    • Limiting email from the finance department to recipients on a pre-approved whitelist
    • Configuring email client settings to display all messages in plaintext when read
    • Adding a banner to incoming messages that identifies the messages as external

15. A security analyst wants to identify which vulnerabilities a potential attacker might initially exploit if the network is compromised. Which of the following would provide the BEST results?

    • Baseline configuration assessment
    • Uncredentialed scan
    • Network ping sweep
    • External penetration test

16. An analyst has been asked to provide feedback regarding the controls required by a revised regulatory framework. At this time, the analyst only needs to focus on the technical controls.

    Which of the following should the analyst provide an assessment of?

    • Tokenization of sensitive data
    • Establishment of data classifications
    • Reporting on data retention and purging activities
    • Formal identification of data ownership
    • Execution of NDAs

17. A cybersecurity analyst needs to rearchitect the network using a firewall and a VPN server to achieve the highest level of security. To BEST complete this task, the analyst should place the:

    • firewall behind the VPN server
    • VPN server parallel to the firewall
    • VPN server behind the firewall
    • VPN on the firewall

18. Which of the following policies would state an employee should not disable security safeguards, such as host firewalls and antivirus, on company systems?

    • Code of conduct policy
    • Account management policy
    • Password policy
    • Acceptable use policy

19. As part of a review of incident response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?

    • Organizational policies
    • Vendor requirements and contracts
    • Service-level agreements
    • Legal requirements

20. A security analyst discovers accounts in sensitive SaaS-based systems are not being removed in a timely manner when an employee leaves the organization. To BEST resolve the issue, the organization should implement:

    • federated authentication
    • role-based access control
    • manual account reviews
    • multifactor authentication